On January 10, 2025, the Belgian High Court (Hof van Cassatie) upheld the decision of the Market Court in a case that pitched the GDPR right to file a complaint against the general legal principle in Belgian law that prohibits the abuse of law.Continue Reading Belgian High Court Decides on Abuse of Law in relation to the GDPR Right to File a Complaint

On March 13, 2025, the Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection, Michael McGrath, confirmed that the Commission is considering simplifying the GDPR with a view to reducing the burden on smaller businesses.  This statement aligns with the Commission’s broader goal of simplifying the EU digital framework.Continue Reading European Commission Confirms Plans to Simplify GDPR

On March 13, 2025, the U.S. District Court for the Northern District of California issued an order granting NetChoice’s preliminary injunction against the entire California Age-Appropriate Design Code (CA AADC). The court held that NetChoice is likely to succeed on the merits of its facial First Amendment challenge because CA AADC is content-based, and it likely fails strict scrutiny. It is yet to be seen whether California will appeal; however, this order has the potential to be persuasive in challenges of other AADC-style state laws.Continue Reading District Court Enjoins Enforcement of the California Age-Appropriate Design Code Act

On Tuesday, March 11, 2025, in the first Senate Judiciary subcommittee hearing of the 119th Congress, the Senate Subcommittee on Crime and Counterterrorism held a hearing entitled “Ending the Scourge: The Need for the STOP CSAM Act.”  Subcommittee Chair Senator Josh Hawley (R-MO), who convened the hearing, and Ranking Member Dick Durbin (D-IL) announced in February that they intended to reintroduce the Strengthening Transparency and Obligations to Protect Children Suffering from Abuse and Mistreatment Act orSTOP CSAM Act”, a comprehensive bill that seeks to combat the online sexual exploitation of children.  First introduced in 2023, the Act did not receive a vote on the Senate floor last Congress, despite being unanimously advanced by the Senate Judiciary Committee. Continue Reading Senate Judiciary Subcommittee Holds Hearing on the STOP CSAM Act

A fan of celebrity LL Cool J filed a wiretapping suit against Community.com (“Community”), claiming that Community accessed her text message to LL Cool J in violation of the federal Wiretap Act and the California Invasion of Privacy Act (“CIPA”).  In an unpublished opinion highlighting that Section 632 of CIPA does not protect communications that are by nature a recorded medium, the Ninth Circuit affirmed dismissal of the plaintiff’s claims. See Boulton v. Community.com, Inc., No. 23-3145, 2025 WL 314813 (9th Cir. Jan. 28, 2025).Continue Reading Ninth Circuit Affirms Dismissal of CIPA and Wiretap Act Claims Against Celebrity Platform

Updated

On March 5, 2025, the European Data Protection Board (“EDPB”) announced that EU Supervisory Authorities (“SAs”) will undertake a coordinated enforcement action in 2025 regarding data subjects’ right to erasure under Art. 17 of the GDPR.  For context, the EDPB selects a particular topic each year as its focus for pan-EU coordinated enforcement.Continue Reading EDPB Launches Coordinated Enforcement on the Right to Erasure

On November 8, 2024, the UK’s communications regulator, the Office of Communications (“Ofcom”) published an open letter to online service providers operating in the UK regarding the Online Safety Act (“OSA”) and generative AI (the “Open Letter”).  In the Open Letter, Ofcom reminds online service providers that generative AI tools, such as chatbots and search assistants may fall within the scope of regulated services under the OSA.  More recently, Ofcom also published several pieces of guidance (some of which are under consultation) that include further commentary on how the OSA applies to generative AI services.Continue Reading Ofcom Explains How the UK Online Safety Act Will Apply to Generative AI

On February 27, 2025, the Court of Justice of the European Union (“CJEU”) issued a significant decision on the right of data subjects to request access to their personal data under Article 15 GDPR, specifically as it relates to automated decision-making and striking an appropriate balance between informing data subjects and protecting trade secrets (Case C‑203/22).Continue Reading CJEU Clarifies GDPR Rights on Automated Decision-Making and Trade Secrets

On February 20, 2025, the European Commission’s AI Office held a webinar explaining the AI literacy obligation under Article 4 of the EU’s AI Act.  This obligation started to apply on February 2, 2025.  At this webinar, the Commission highlighted the recently published repository of AI literacy practices.  This repository compiles the practices that some AI Pact companies have adopted to ensure a sufficient level of AI literacy in their workforce.  Continue Reading European Commission Provides Guidance on AI Literacy Requirement under the EU AI Act

On March 5, 2025, the Regulation on the European Health Data Space (“EHDS”) was published in the Official Journal (see here).  The text enters into force on March 25, 2025, however it only becomes applicable in a staggered manner over several years.

The section on secondary use of the

Continue Reading European Health Data Space Published