On March 3, 2026, the California Privacy Protection Agency (CalPrivacy) announced a settlement with PlayOn Sports (formerly 2080 Media, Inc.), imposing a $1.1 million administrative fine and sweeping compliance obligations. Reached in January, the settlement marks a significant escalation in state privacy enforcement and is the first CalPrivacy action to address privacy violations involving students
Continue Reading California’s PlayOn Enforcement: A New Chapter in Children’s Data PrivacyNinth Circuit Expands Personal Jurisdiction Over Foreign Tech Platforms in Data Breach Cases
On March 2, 2026, the U.S. Court of Appeals for the Ninth Circuit issued a significant decision, in Freeman v. 3Commas Technologies OÜ, reversing a district court’s dismissal of a class action against an Estonian software company for lack of personal jurisdiction.[1] The ruling provides valuable guidance on when foreign technology companies can
Continue Reading Ninth Circuit Expands Personal Jurisdiction Over Foreign Tech Platforms in Data Breach CasesVirginia’s Social Media Time‑Limit Law for Minors Blocked: Key Takeaways
On February 27, 2026, a federal court in Virginia issued a decision with significant implications for state efforts to regulate minors’ use of social media. In NetChoice v. Jay Jones, the U.S. District Court for the Eastern District of Virginia granted a preliminary injunction blocking enforcement of Virginia Senate Bill 854, a statute that
Continue Reading Virginia’s Social Media Time‑Limit Law for Minors Blocked: Key TakeawaysFTC Issues COPPA Policy Statement to Incentivize the Use of Age Verification Technologies to Protect Children Online
The FTC just released a policy statement regarding enforcement activities related to COPPA, which can be found at this link.
According to Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection, age verification technologies are important child-protective technologies, and this policy statement “…incentivizes operators to use these innovative tools, empowering parents to protect
Continue Reading FTC Issues COPPA Policy Statement to Incentivize the Use of Age Verification Technologies to Protect Children OnlineIllinois Law Trumps Meta’s California Choice-of-Law Provision in BIPA Class Action
A recent federal court decision raises questions about the enforcement of contractual choice‑of‑law provisions in the context of a case brought under Illinois’s Biometric Information Privacy Act (BIPA).
In Hartman, et al. v. Meta Platforms, Inc., the U.S. District Court for the Southern District of Illinois denied Meta’s motion for summary judgment seeking to
Continue Reading Illinois Law Trumps Meta’s California Choice-of-Law Provision in BIPA Class ActionTexas AG Sues Shein Over Alleged Deceptive Practices and Data Privacy Risks
On February 20, 2026, Texas Attorney General Ken Paxton filed suit against Shein US Services, LLC, alleging false, deceptive, and misleading practices in violation of the Texas Deceptive Trade Practices Act. The complaint targets both product safety concerns and alleged misrepresentations regarding consumer data practices.
Shein, founded in China in 2008, is a global fast‑fashion
Continue Reading Texas AG Sues Shein Over Alleged Deceptive Practices and Data Privacy Risks
EU: EDPB and EDPS publish joint opinion on the European Commission’s Proposal for the Digital Omnibus on AI
Navigating Simplification Without Sacrificing Safeguards: Key Takeaways
As the EU begins the complex task of making the European Artificial Intelligence Act[1] (the “AI Act”) workable in real life, the European Commission’s Proposal for a Regulation amending Regulations (EU) 2024/1689 and (EU) 2018/1139 as regards the simplification of the implementation of harmonised rules
Continue Reading EU: EDPB and EDPS publish joint opinion on the European Commission’s Proposal for the Digital Omnibus on AI
Australia’s Social Media “Ban” and the eSafety Commissioner’s Social Media Minimum Age Regulatory Guidance
Australia’s world-first social media “ban” has been in the global spotlight since its introduction in late 2025. As other jurisdictions look to follow suit, parents and tech giants alike continue to grapple with a key question: how will the ban be practically enforced?
Application of the “social media ban”
On 10 December 2025, the Online
Continue Reading Australia’s Social Media “Ban” and the eSafety Commissioner’s Social Media Minimum Age Regulatory Guidance
EU Commission looks to strengthen EU Cybersecurity Resilience and Capabilities
On 20 January 2026, the European Commission proposed a new cybersecurity package, aimed at strengthening the EU’s cybersecurity resilience and capabilities. The package includes a revised Cybersecurity Act (“CSA“) and targeted amendments to the NIS2 Directive (see our blog post for further information on the amendments to the NIS2 Directive). The revised
Continue Reading EU Commission looks to strengthen EU Cybersecurity Resilience and Capabilities
UK: Commencement of the data protection provisions in the Data (Use and Access) Act
On 5 February 2026, the main changes to data protection legislation in Part 5 of the Data (Use and Access) Act 2025 (“DUAA“) came into force.
The DUAA was passed and received Royal Assent on 19 June 2025. Although some of the DUUA provisions came into force automatically, many of the reforms
Continue Reading UK: Commencement of the data protection provisions in the Data (Use and Access) Act