Data + Privacy + Cybersecurity Insights

Subscribe via RSS
Visit Blog
By: Goodwin Procter

Blog Authors

ABCDEFGHIJKLMNOPQRSTUVWXYZ
Data Privacy And Cybersecurity Insights

Latest from Data + Privacy + Cybersecurity Insights

Recent enforcement actions and announcements from the California Privacy Protection Agency (CPPA) and state Attorneys-General (AGs) in California, Colorado and Connecticut, and a California bill that passed the state legislature, signal a new phase of heightened enforcement, focused on honoring consumers’ opt out requests, including through cookie banners and the Global Privacy Control (GPC).
Two

What started as a flurry when California included protections for data about known teens in its 2018 privacy law soon became a blizzard. State after state passed new protections for teens into their own privacy laws, with each version raising the standards above the previous ones.
Now, even in the depths of summer, an avalanche is forming

During a Board Meeting on July 24, 2025, the California Privacy Protection Agency (CPPA) unanimously approved the long-awaited final text of its second rulemaking package, implementing a broad swath of new requirements regarding risk assessments, automated decisionmaking technology (ADMT), and cybersecurity audits. The regulations, under the California Consumer Privacy Act (CCPA), also amended various provisions

On 25 March 2025, the Irish Data Protection Commission (‘DPC’) confirmed that it received no objections to its draft decision on how TikTok Technology Limited (‘TikTok’) transfers personal data to China.
The DPC, in its role as the lead supervisory authority for the Irish-headquartered TikTok, opened two ex officio inquiries into the TikTok’s GDPR compliance

On March 7, 2025, the California Privacy Protection Agency (Agency) reached a settlement with American Honda Motor Co. (Honda) resolving allegations that the company violated the California Consumer Privacy Act (CCPA). The order required Honda to pay a $632,500 fine and implement changes to its data privacy practices.
The Agency alleged that Honda improperly required

The Trump Administration has not slowed down in its rollout of wide-sweeping technology policy changes with potentially significant impacts to be felt throughout the country and around the globe. Personnel changes and public announcements of new priorities are the throughline of new actions crossing various sectors and agencies at the federal level; notably, at the

On February 11, 2025, the European Data Protection Board (“EDPB”) issued a statement outlining its expectations for aligning the proliferating use of age assurance checks with the GDPR (the “Statement”). Aiming to promote a harmonized approach across the EU, the Statement provides guidance and high-level principles for online service providers (“Service Providers”). It emphasizes the

Introduction
As the United States transitions to a new administration, federal policymaking is beginning to shift away from civil rights and other Biden-era AI governance priorities and towards AI policies focused on “out-innovating the rest of the world,” securing US technological advantage, and national security, defense, and cybersecurity. In the meantime, states will play

On 14 January 2025, the UK government launched a public consultation on proposed legislative measures to combat the ever-increasing threat of ransomware. With these proposals, the UK government is seeking to step up its efforts to understand, deter and prosecute ransomware attacks by gathering more information from victims and undermining the ransomware business model.
The