On April 7, 2026, the Alabama legislature unanimously passed House Bill 351, the Alabama Personal Data Protection Act. The bill cleared the House 104-0 and the Senate 34-0, making Alabama the 21st state to enact a comprehensive consumer privacy statute. If signed by Governor Kay Ivey, the law will take effect on May 1
Continue Reading U.S.: Alabama Becomes 21st State to Enact Comprehensive Privacy Law
Seventh Circuit Holds BIPA’s 2024 Damages Amendment Applies Retroactively
In 2024, the Illinois General Assembly amended the Illinois Biometric Information Privacy Act (“BIPA”) to clarify that an individual cannot seek recovery for multiple alleged violations of BIPA when those violations concern the same person, defendant entity, and method of collection.
On April 1, 2026, the Seventh Circuit issued its decision in Clay v. Union
Continue Reading Seventh Circuit Holds BIPA’s 2024 Damages Amendment Applies RetroactivelyThe Ninth Circuit’s Latest CAADCA Ruling: Navigating an Evolving Compliance Landscape
California’s Age-Appropriate Design Code Act (CAADCA) remains at the center of one of the most significant legal battles in children’s privacy law. On March 12, 2026, the Ninth Circuit issued its latest decision in NetChoice, LLC v. Bonta, partially affirming and partially vacating the district court’s preliminary injunction that had blocked the law’s enforcement.
Continue Reading The Ninth Circuit’s Latest CAADCA Ruling: Navigating an Evolving Compliance Landscape
U.S.: CalPrivacy Continues Enforcement Momentum: Settlement Over Opt-Out of Sale/Sharing Violations
On March 5, 2026, the California Privacy Protection Agency (CalPrivacy or the Agency) announced a $375,703 settlement with Ford Motor Company (Ford), stemming from its long-running investigation into the privacy practices of connected vehicle manufacturers, an inquiry the Agency has been pursuing since 2023.
The Ford matter was announced just days after CalPrivacy’s settlement with
Continue Reading U.S.: CalPrivacy Continues Enforcement Momentum: Settlement Over Opt-Out of Sale/Sharing Violations
U.S. Privacy Laws Legislative Update
After a legislative lull last year, 2026 has brought a new wave of state privacy lawmaking activity.
A number of states have introduced comprehensive state privacy bills during the legislative cycle, reflecting a continued trend toward expanding individual privacy rights and creating new compliance obligations on businesses that collect and process personal data.
While many
Continue Reading U.S. Privacy Laws Legislative Update
U.S.: California’s PlayOn Enforcement: A New Chapter in Children’s Data Privacy
On March 3, 2026, the California Privacy Protection Agency (CalPrivacy) announced a settlement with PlayOn Sports (formerly 2080 Media, Inc.), imposing a $1.1 million administrative fine and sweeping compliance obligations. Reached in January, the settlement marks a significant escalation in state privacy enforcement and is the first CalPrivacy action to address privacy violations involving students
Continue Reading U.S.: California’s PlayOn Enforcement: A New Chapter in Children’s Data Privacy
U.S.: Ninth Circuit Expands Personal Jurisdiction Over Foreign Tech Platforms in Data Breach Cases
On March 2, 2026, the U.S. Court of Appeals for the Ninth Circuit issued a significant decision, in Freeman v. 3Commas Technologies OÜ, reversing a district court’s dismissal of a class action against an Estonian software company for lack of personal jurisdiction.[1] The ruling provides valuable guidance on when foreign technology companies can
Continue Reading U.S.: Ninth Circuit Expands Personal Jurisdiction Over Foreign Tech Platforms in Data Breach Cases
U.S.: Virginia’s Social Media Time‑Limit Law for Minors Blocked: Key Takeaways
On February 27, 2026, a federal court in Virginia issued a decision with significant implications for state efforts to regulate minors’ use of social media. In NetChoice v. Jay Jones, the U.S. District Court for the Eastern District of Virginia granted a preliminary injunction blocking enforcement of Virginia Senate Bill 854, a statute that
Continue Reading U.S.: Virginia’s Social Media Time‑Limit Law for Minors Blocked: Key Takeaways
U.S.: FTC Issues COPPA Policy Statement to Incentivize the Use of Age Verification Technologies to Protect Children Online
The FTC just released a policy statement regarding enforcement activities related to COPPA, which can be found at this link.
According to Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection, age verification technologies are important child-protective technologies, and this policy statement “…incentivizes operators to use these innovative tools, empowering parents to protect
Continue Reading U.S.: FTC Issues COPPA Policy Statement to Incentivize the Use of Age Verification Technologies to Protect Children Online
U.S.: Illinois Law Trumps Meta’s California Choice-of-Law Provision in BIPA Class Action
A recent federal court decision raises questions about the enforcement of contractual choice‑of‑law provisions in the context of a case brought under Illinois’s Biometric Information Privacy Act (BIPA).
In Hartman, et al. v. Meta Platforms, Inc., the U.S. District Court for the Southern District of Illinois denied Meta’s motion for summary judgment seeking to
Continue Reading U.S.: Illinois Law Trumps Meta’s California Choice-of-Law Provision in BIPA Class Action