On March 17, 2025, the Finnish Supervisory Authority (“SA”) announced that it is investigating the transfer of personal data related to human research samples by a Finnish university to a Chinese company for genetic analysis services.  Continue Reading Finnish Supervisory Authority Investigates Health Data Transfers to China

On March 18, 2025, the Norwegian Consumer Council asked the Norwegian Supervisory Authority to investigate a payment app provider for using consumers’ purchase history for targeted advertising. Continue Reading Watchdog to Investigate Mobile Payment Provider Over Its Use of Purchase History for Targeted Advertising

On March 5, 2025, Senators Bill Cassidy (R-LA) and Gary Peters (D-MI) introduced the federal Genomic Data Protection Act (“GDPA”).  The Senators introduced the same bill at the end of last year, but the bill stagnated, and Congress adjourned soon after.  Notably, as part of his February 2024 white paper, Senator Cassidy specifically called for the regulation of genetic data collected by direct-to-consumer genetic testing companies, pointing to several states that have enacted laws regulating these companies over the past several years.Continue Reading U.S. Senate Introduces Genomic Data Protection Act

On March 14, 2025, the Cyberspace Administration of China (“CAC”) released the final Measures for Labeling Artificial Intelligence-Generated Content and the mandatory national standard GB 45438-2025 Cybersecurity Technology – Labeling Method for Content Generated by Artificial Intelligence (collectively “Labeling Rules”).  The rules will take effect on

Continue Reading China Releases New Labeling Requirements for AI-Generated Content

On January 10, 2025, the Belgian High Court (Hof van Cassatie) upheld the decision of the Market Court in a case that pitched the GDPR right to file a complaint against the general legal principle in Belgian law that prohibits the abuse of law.Continue Reading Belgian High Court Decides on Abuse of Law in relation to the GDPR Right to File a Complaint

On March 13, 2025, the Commissioner for Democracy, Justice, the Rule of Law and Consumer Protection, Michael McGrath, confirmed that the Commission is considering simplifying the GDPR with a view to reducing the burden on smaller businesses.  This statement aligns with the Commission’s broader goal of simplifying the EU digital framework.Continue Reading European Commission Confirms Plans to Simplify GDPR

On March 13, 2025, the U.S. District Court for the Northern District of California issued an order granting NetChoice’s preliminary injunction against the entire California Age-Appropriate Design Code (CA AADC). The court held that NetChoice is likely to succeed on the merits of its facial First Amendment challenge because CA AADC is content-based, and it likely fails strict scrutiny. It is yet to be seen whether California will appeal; however, this order has the potential to be persuasive in challenges of other AADC-style state laws.Continue Reading District Court Enjoins Enforcement of the California Age-Appropriate Design Code Act

On Tuesday, March 11, 2025, in the first Senate Judiciary subcommittee hearing of the 119th Congress, the Senate Subcommittee on Crime and Counterterrorism held a hearing entitled “Ending the Scourge: The Need for the STOP CSAM Act.”  Subcommittee Chair Senator Josh Hawley (R-MO), who convened the hearing, and Ranking Member Dick Durbin (D-IL) announced in February that they intended to reintroduce the Strengthening Transparency and Obligations to Protect Children Suffering from Abuse and Mistreatment Act orSTOP CSAM Act”, a comprehensive bill that seeks to combat the online sexual exploitation of children.  First introduced in 2023, the Act did not receive a vote on the Senate floor last Congress, despite being unanimously advanced by the Senate Judiciary Committee. Continue Reading Senate Judiciary Subcommittee Holds Hearing on the STOP CSAM Act

A fan of celebrity LL Cool J filed a wiretapping suit against Community.com (“Community”), claiming that Community accessed her text message to LL Cool J in violation of the federal Wiretap Act and the California Invasion of Privacy Act (“CIPA”).  In an unpublished opinion highlighting that Section 632 of CIPA does not protect communications that are by nature a recorded medium, the Ninth Circuit affirmed dismissal of the plaintiff’s claims. See Boulton v. Community.com, Inc., No. 23-3145, 2025 WL 314813 (9th Cir. Jan. 28, 2025).Continue Reading Ninth Circuit Affirms Dismissal of CIPA and Wiretap Act Claims Against Celebrity Platform

Updated

On March 5, 2025, the European Data Protection Board (“EDPB”) announced that EU Supervisory Authorities (“SAs”) will undertake a coordinated enforcement action in 2025 regarding data subjects’ right to erasure under Art. 17 of the GDPR.  For context, the EDPB selects a particular topic each year as its focus for pan-EU coordinated enforcement.Continue Reading EDPB Launches Coordinated Enforcement on the Right to Erasure