In this post: (1) Courts find cookie banners and sign-in banners place users on notice of privacy policy; (2) but policy must explicitly notify users of practice to establish consent; …
California continues to set the pace for digital privacy reform, enacting three groundbreaking laws that will reshape how personal information is handled across the state. On October 8, 2025, Governor…
Key point: Recent legislative efforts in Massachusetts, seeking to add another comprehensive data privacy law to the national patchwork of state laws, and in California enacting a law to regulate …
Four federal courts issued decisions in August involving claims that healthcare companies violated the Electronic Communications Privacy Act (ECPA) by deploying tracking technologies—such as the Meta Pixel and Google Analytics—on…
Key point: The California Legislature is considering a bill that would impose comprehensive requirements on the development, deployment, and use of artificial intelligence (AI) systems, with a focus on transparency, …
In this post: (1) The 9th Circuit tightens what “harm” a plaintiff must suffer to have standing; (2) the D.C. Circuit adds to growing circuit split on defining “consumers”; (3) Three …
Key point: Beginning November 10, 2025, DoD contracting officers will begin adding Cybersecurity Maturity Model Certification (CMMC) requirements to solicitations, and contracting officers “shall not award a contract, task order, …
Key point: The European General Court has upheld the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework, confirming that the United States ensures an adequate level of protection …
Key point: CMMC took another step towards reality, with OIRA clearing for publication the DFARS proposed rule that will add CMMC requirements as a condition of award for new contracts.
