On Sept. 23, 2025, the California Privacy Protection Agency (CPPA) announced that the state’s Office of Administrative Law (OAL) had formally approved the CPPA’s wide-ranging package of revised and new California Consumer Privacy Act (CCPA) regulations.
Continue Reading Revised and New CCPA Regulations Set to Take Effect on Jan. 1, 2026 – Summary of Near-Term Action Items
The California Privacy Protection Agency (CPPA) Board met on July 24, 2025, and advanced several key initiatives with direct implications for businesses operating in California.
The meeting focused on finalizing regulations pertaining to automated decision-making, risk assessments, and cybersecurity audits; advancing the California Delete Act’s Delete Request and Opt-Out Platform (DROP) rulemaking applicable to data
On the heels of the California Attorney General’s largest California Consumer Privacy Act-related settlement yet, the Connecticut Office of the Attorney General has announced its first public enforcement action under the Connecticut Data Privacy Act (CTDPA).
Continue Reading Connecticut AG Fines Ticket Marketplace in State’s First CTDPA Privacy Law Enforcement Action
On July 1, 2025, the California attorney general (AG) announced a $1.55 million settlement (pending court approval) with Healthline Media, LLC (Healthline), who publishes Healthline.com, a health information website. This settlement marks the regulator’s continued focus on online tracking technologies for targeted advertising and the effectiveness of consumer opt-out systems.
Continue Reading California CCPA Settlement: Health Website Penalized for Tracking Non-Compliance
In a potentially significant development for companies subject to the California Consumer Privacy Act, as amended (CCPA), on Feb. 9, California’s Third District Court of Appeal overturned a Superior Court decision issued in June 2023 that had stayed the enforcement of new CCPA regulations finalized by the California Privacy Protection Agency (CPPA), first-in-the-nation privacy regulator
On July 10, 2023, the European Commission (EC) adopted its long-awaited adequacy decision for the United States, resulting in the new EU-U.S. Data Privacy Framework (DPF or Framework). For more information, see our European Commission Adopts EU-U.S. Adequacy Decision blog post.
Qualified Adequacy Decision for the United States. Typically, EC
Following on the heels of a California Superior Court’s last minute ruling that stayed enforcement of the revised California Consumer Privacy Act (CCPA) regulations, as previously discussed on this blog, California’s data privacy regulators have responded in ways that confirm they are more committed than ever to holding businesses accountable for alleged violations
On July 10, 2023, the European Commission adopted its long-awaited adequacy decision on the EU-U.S. Data Privacy Framework (the “Framework”) thereby concluding that the United States ensures an adequate level of protection for personal data that are transferred from the European Union to companies in the U.S. that participate in the Framework.
The