Healthcare Website Tracking: Lessons from Four Recent ECPA Rulings

By Dustin Taylor on September 22, 2025

Four federal courts issued decisions in August involving claims that healthcare companies violated the Electronic Communications Privacy Act (ECPA) by deploying tracking technologies—such as the Meta Pixel and Google Analytics—on…

California Legislature Advances Sweeping AI Bill: Implications for Businesses and Developers of “Companion Chatbots”

By Heidi Salow & Shannon Kapadia on September 19, 2025

Key point: The California Legislature is considering a bill that would impose comprehensive requirements on the development, deployment, and use of artificial intelligence (AI) systems, with a focus on transparency, …

U.S. Privacy Litigation Update: August 2025 Decisions

By Dustin Taylor & Owen Davis on September 16, 2025

In this post: (1) The 9th Circuit tightens what “harm” a plaintiff must suffer to have standing; (2) the D.C. Circuit adds to growing circuit split on defining “consumers”; (3) Three …

The Defense Department’s Cybersecurity Requirements Go Live

By Erik Dullea & Luis Hidalgo on September 11, 2025

Key point: Beginning November 10, 2025, DoD contracting officers will begin adding Cybersecurity Maturity Model Certification (CMMC) requirements to solicitations, and contracting officers “shall not award a contract, task order, …

Communication technology with global internet network connected

EU Court Upholds Data Privacy Framework Despite Challenge: Implications for Transatlantic Data Transfers

By Heidi Salow & Erik Dullea on September 8, 2025

Key point: The European General Court has upheld the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework, confirming that the United States ensures an adequate level of protection …

OIRA Completes its Review of the DFARS CMMC Proposed Rule: Is Your Company CMMC Certified, or Will It be Excluded from Future Awards?

By Erik Dullea, Heidi Salow & Luis Hidalgo on September 2, 2025

Key point: CMMC took another step towards reality, with OIRA clearing for publication the DFARS proposed rule that will add CMMC requirements as a condition of award for new contracts.

Colorado Delays AI Act Compliance: What Lawyers and Business Leaders Need to Know

By Erik Dullea on August 27, 2025

Key point: During Colorado’s legislative special session, which aimed to address budgetary shortfalls resulting from this year’s federal appropriations act, lawmakers approved a delay in the Colorado AI Act’s effective …

CISA 2015: Congress Faces Fast-Approaching Deadline to Reauthorize a Critical Cybersecurity Law

By Erik Dullea & Emily Loftis on August 14, 2025

Key point: With the Cybersecurity Information Sharing Act of 2015 (CISA 2015) scheduled to sunset on September 30, 2025, Congress will need to act quickly to renew the law and …

U.S. Privacy Litigation Update: July 2025 Decisions

By Dustin Taylor & Owen Davis on August 13, 2025

In this post: (1) California courts split on personal jurisdiction post-Briskin; (2) District courts dismiss VPPA claims against movie theaters & online platforms; (3) ND Cal courts find “crime-tort” exception …

Byte Back

Featured Posts

U.S. Privacy Litigation Update: September 2025 Decisions

California’s Latest Trio of Privacy Bills: What Businesses and Consumers Need to Know

Massachusetts and California Legislative Activity: Data Privacy and AI Legislation

The Latest