California’s Age-Appropriate Design Code Act (CAADCA) remains at the center of one of the most significant legal battles in children’s privacy law. On March 12, 2026, the Ninth Circuit issued its latest decision in NetChoice, LLC v. Bonta, partially affirming and partially vacating the district court’s preliminary injunction that had blocked the law’s enforcement.

Continue Reading The Ninth Circuit’s Latest CAADCA Ruling: Navigating an Evolving Compliance Landscape

On March 5, 2026, the California Privacy Protection Agency (CalPrivacy or the Agency) announced a $375,703 settlement with Ford Motor Company (Ford), stemming from its long-running investigation into the privacy practices of connected vehicle manufacturers, an inquiry the Agency has been pursuing since 2023.

The Ford matter was announced just days after CalPrivacy’s settlement with

Continue Reading U.S.: CalPrivacy Continues Enforcement Momentum: Settlement Over Opt-Out of Sale/Sharing Violations

After a legislative lull last year, 2026 has brought a new wave of state privacy lawmaking activity.

A number of states have introduced comprehensive state privacy bills during the legislative cycle, reflecting a continued trend toward expanding individual privacy rights and creating new compliance obligations on businesses that collect and process personal data.

While many

Continue Reading U.S. Privacy Laws Legislative Update

On March 3, 2026, the California Privacy Protection Agency (CalPrivacy) announced a settlement with PlayOn Sports (formerly 2080 Media, Inc.), imposing a $1.1 million administrative fine and sweeping compliance obligations. Reached in January, the settlement marks a significant escalation in state privacy enforcement and is the first CalPrivacy action to address privacy violations involving students

Continue Reading U.S.: California’s PlayOn Enforcement: A New Chapter in Children’s Data Privacy

On March 2, 2026, the U.S. Court of Appeals for the Ninth Circuit issued a significant decision, in Freeman v. 3Commas Technologies OÜ, reversing a district court’s dismissal of a class action against an Estonian software company for lack of personal jurisdiction.[1] The ruling provides valuable guidance on when foreign technology companies can

Continue Reading U.S.: Ninth Circuit Expands Personal Jurisdiction Over Foreign Tech Platforms in Data Breach Cases

The FTC just released a policy statement regarding enforcement activities related to COPPA, which can be found at this link.

According to Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection, age verification technologies are important child-protective technologies, and this policy statement “…incentivizes operators to use these innovative tools, empowering parents to protect

Continue Reading U.S.: FTC Issues COPPA Policy Statement to Incentivize the Use of Age Verification Technologies to Protect Children Online

A recent federal court decision raises questions about the enforcement of contractual choice‑of‑law provisions in the context of a case brought under Illinois’s Biometric Information Privacy Act (BIPA).

In Hartman, et al. v. Meta Platforms, Inc., the U.S. District Court for the Southern District of Illinois denied Meta’s motion for summary judgment seeking to

Continue Reading U.S.: Illinois Law Trumps Meta’s California Choice-of-Law Provision in BIPA Class Action

On February 20, 2026, Texas Attorney General Ken Paxton filed suit against Shein US Services, LLC, alleging false, deceptive, and misleading practices in violation of the Texas Deceptive Trade Practices Act. The complaint targets both product safety concerns and alleged misrepresentations regarding consumer data practices.

Shein, founded in China in 2008, is a global fast‑fashion

Continue Reading U.S.: Texas AG Sues Shein Over Alleged Deceptive Practices and Data Privacy Risks

The EU General Court has dismissed a French MEP’s challenge to the EU-U.S. Data Privacy Framework (“DPF”) for the transfer of personal data between the European Union (“EU”) and the United States (“U.S.”). While the decision is welcome news to organisations relying on the DPF for transfers underpinning their

Continue Reading EU-U.S. Data Privacy Framework Survives First Challenge

The Federal Trade Commission (FTC) reiterated its long-held view that hashing or pseudonymizing identifiers does not render data anonymous, in a post to its Technology Blog on July 24, 2024.

In the rather strongly worded post, while acknowledging that hashing and pseudonymizing data has the benefit of obscuring the underlying personal data, the FTC

Continue Reading FTC Reiterates that Hashed and Pseudonymized Data is Still Identifiable Data