Did we miss you November 20th for our Navigating the App Store Age Verification Laws webinar? Not to worry! See link below to the recording

Watch Kyle Fath, Partner (Los Angeles), for a webinar discussion with Hailun Ying (Head of PrivSec Legal, Roblox), Amy Lawrence (Head of Legal, Chief Privacy Officer, SuperAwesome) where we dove into the burning topics that are (or should be) top of mind for app stores and companies that own or operate mobile apps.

Click here to watch full webinar.

December 3, 2025, at 10:00 am – 5:00 pm ET

National Business Institute is holding a live webinar “Business Data Privacy and Cybersecurity Tool Kit” on December 3rd. Join Julia Jacobson, Partner (New York) and Matthew Flora, Managing Director for the Ankura Consulting Group, LLC, for the following sessions:

II. Identifying Vulnerabilities: Business Data Audits 11:00 am ET

VI. Breach Response and Incident Reporting: What to Do First and Next 2:45 pm ET

For more information, click here.

December 8, 2025, at 1:00 pm ET

Join Alan Friel, Partner (Los Angeles) and Lydia de la Torre, Of Counsel (Palo Alto) on the panel for “Essential Elements of a Privacy Notice for Connected Devices” at PLI California (455 Market Street, San Francisco) as part of PLI’s Advanced Internet of Things 2025: Deeper Dive, Practical Wisdom program.

January 7, 2026, at 1:00 pm ET

Join Alan Friel, Partner (Los Angeles), Kyle Fath, Partner (Los Angeles), and Jennifer Oliver, Shareholder with Buchanan Ingersoll & Rooner PC for “New California Cybersecurity and Data Privacy Laws,” a Strafford Live CLE Webinar.

For more information click here

February 20, 2026 at 10:00 am – 1:15 pm ET

Join Julia Jacobson, Partner (New York) and the National Business Institute for a live webinar discussion on “Data Security: A Business Attorney’s Guide“. Julie will be speaking at the following sessions:

I. “Core Data Security Concepts and Current Laws” 10:00 am ET

IV. “Breach Response and Litigation” 12:30 pm ET

For more information, click here.

Stay Ahead on Consumer Privacy News

Not a subscriber yet? Subscribe here to be among the first to receive timely updates on the fast-moving world of data privacy, security, and innovation—delivered straight to your inbox.

Looking for deeper insights and expert analysis? You can also subscribe here to our privacy attorney’s marketing communications for thought leadership and rich content when you need a more comprehensive perspective.

On November 13, 2025, the Government of India formally brought into effect the much-awaited Digital Personal Data Protection Rules, 2025 (Rules). The Rules enforce the Digital Personal Data Protection Act, 2023 (DPDP Act) and provide practical guidance on how to comply with certain provisions of the DPDP Act. Together, they implement binding legislation that regulates the management of digital personal data[1] in and from India.

Continue Reading India Passes the Digital Personal Data Protection Rules, Ushering in a New Digital Age in India 

We have previously covered the recent changes to the California Consumer Privacy Act (CCPA) regulations, and summarized the changes companies need to make to be 2026-ready under them and other state consumer privacy laws that have recently or will soon become effective.  In a recent guidance document, CalPrivacy highlights “seven things businesses should know and prepare for,” which are:

Continue Reading CalPrivacy Highlights Regulatory Changes for 2026

On January 1, 2026, the first of four state app store age verification laws – which are relevant regardless of your target audience – will come into effect. Join us for a webinar discussion on Thursday, November 20 at 1PM ET/10AM PT with Hailun Ying (Head of PrivSec Legal, Roblox), Amy Lawrence (Head of Legal, Chief Privacy Officer,  SuperAwesome), and Kyle Fath (Partner, Squire Patton Boggs) where we’ll dive into the burning topics that are (or should be) top of mind for app stores and companies that own or operate mobile apps.  Among other things, we plan to cover:

  1. Age assurance requirements and parental consent obligations for app downloads, purchases, and in-app purchases
  2. Requirements to refresh parental consent upon making privacy, monetization, and other “significant changes” to your apps
  3. Restricting minors from downloading apps
  4. Privacy compliance and other regulatory impacts of receiving age information from app stores
  5. Liability and safe harbors (including Utah’s private right of action with statutory damages)
  6. App store technical documentation and implementation requirements for developers
  7. Legal challenges to Texas’ law

Click here to register.

CLE credit available in AZ, CA, NJ, NY, OH, PA, and TX.

In the meantime, for more information on these laws, see the detailed FAQ we recently published on Privacy World.

On October 29, 2025, the Federal Communications Commission (FCC) released a Further Notice of Proposed Rulemaking (FNPRM) reconsidering certain Telephone Consumer Protection Act (TCPA) consent revocation rules. This action follows the agency’s ongoing “Delete, Delete, Delete” initiative aimed at eliminating outdated regulations and clearing a backlog of petitions, 13 of which date from 2012 to 2021. The FNPRM was unanimously adopted by the Commission on October 28, 2025 and published with key amendments.

Continue Reading FCC Proposes Amendments to TCPA Consent Revocation Rules; Proposed Changes to DNC Rules Deleted from Final Text

The last several weeks have been eventful for online safety and age assurance, particularly with respect to U.S. app store age verification laws: Apple and Google unveiled some of their plans for addressing these laws on Oct. 8; Governor Newsom signed the Digital Age Assurance Act into law on October 13; and on October 16, an industry organization lodged a constitutional challenge against Texas’ law (SB2420).  Below, we provide a handy FAQ with questions and answers on issues that many likely have regarding these laws, the app stores’ guidance, and the legal challenge to the Texas law.

Mobile app operators: take note. Regardless of your company’s target audience, you will be required to take technical and operational steps to comply with these laws.

Continue Reading App Store Age Verification Laws: Your Questions, Answered.

The Federal Communications Commission (“FCC” or “Commission”), under the leadership Chairman Brendan Carr, has been engaged in effort to simplify, streamline or eliminate regulatory requirements in all areas of the agency’s jurisdiction. Last week, the agency released a draft Further Notice of Proposed Rulemaking (“FNPRM”) that is part of an ongoing FCC effort to modernize consumer protection frameworks, reduce unnecessary burdens on lawful business communications, and strengthen tools against unlawful robocalls. If adopted, the proposal could materially reshape key compliance obligations under the Telephone Consumer Protection Act (“TCPA”) and Do Not Call (“DNC”) rules.

Continue Reading FCC Proposes Eliminating and Streamlining TCPA and DNC Rules

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Your Year-end U.S. Privacy “To Do” List – don’t wait until the holiday crush to become 2026-ready

California Privacy Agency Rolls Out New Regulations and Approves $1.35 Million Penalty in Latest CCPA Enforcement Action

The California Consumer Privacy Act (CCPA) requires that privacy notices be updated annually, and that the detailed disclosures it proscribes be in those notices reflect the 12-month period prior to the effective (posting) date. Interestingly, failure to make annual updates was one of several alleged CCPA violations that resulted in a recent $1.35 Million administrative civil penalty by the California Privacy Protection Agency (CPPA) against retailer Tractor Supply Company. Also, three more state consumer protection laws go into effect on January 1, 2026, which will require notice and consumer rights intake changes, if applicable. Additionally, new and amended CCPA regulations will bring new obligations for businesses starting the first of the year that need to be addressed between now and then. Also recommended is a general checkup with particular attention to enforcement priorities. Here are some things to do in preparation for 2026:

  • Assess which of the 20 state consumer privacy laws (CPLs) apply to your business, and update notices and rights request processes to identify which apply and address material differences in what each requires.
  • Consider new or modified data practices initiated in 2025, or under consideration to be introduced in 2026, complete risk assessments on them, and update the privacy notice to reflect at least the preceding 12-month period.
  • Implement a data processing risk assessment program, or revise the current process to reflect the new CCPA requirements, effective January 1.
  • Confirm you have contracts in place containing data protection terms required by CCPA and other CPLs with parties that receive (or access) your personal data – an ongoing California enforcement priority. Have these organized by service provider / processor or third party and be prepared to produce them upon regulatory inquiry.
  • Employers, especially in California, need to address use of automated decision-making tools. This will become an even more complex and time urgent matter for California employers if Governor Newsome does not veto SB-7 (the “No Robo-Bosses” Act), which would become effective January 1 and add even further requirements and restrictions on technology-assisted HR decision-making. (Note: An inadequate privacy notice and rights request process for personnel was another basis for the Tractor Supply penalty.)
  • Review your tracking technologies and cookie banner(s) and preference tool(s) to support a defense to wiretapping (e.g., CIPA) claims and comply with CPL notice and opt-out requirements, including browser privacy control signals, as explained here.
  • If you process personal data of minors, consumer health data, precise location data, biometric data, or other sensitive personal data, consider the legal requirements and limitations that have been evolving in recent years and the growing application of consumer protection law principles to limit unexpected uses.
  • Revisit and update your information governance roadmap or project plan and seek budget for 2026 initiatives. This should include:
  • Consider Privacy Powered by SPB forms, templates, and guidance materials to help support your program and conduct a stakeholder survey to assess actual practices and knowledge of policies and procedures.

Many companies go on website code lock in mid-November, and Q4 is a hectic time between year-end financial closings and the holidays, so give yourself enough time to get revisions to notices, policies, and tools updated and published. Update your information governance roadmap for 2026 to reflect new laws, regulations, and enforcement trends and be sure your budget for next year reflects these needs.

For more information, contact the author or your Squire Patton Boggs relationship partner.

Disclaimer: While every effort has been made to ensure that the information contained in this article is accurate, neither its authors nor Squire Patton Boggs accepts responsibility for any errors or omissions. The content of this article is for general information only, and is not intended to constitute or be relied upon as legal advice.