Data Privacy

Last month, the United States Court of Appeals for the Third Circuit, in an unpublished decision, undercut the latest attempt of the plaintiffs’ bar to penalize the common business practice of using tracking pixels on websites. These pixels are pieces of code created by third-party advertisers and analytics companies that can collect information about website visits such as a visitor’s IP address, when the visit occurred, and what links were clicked on within the site. Despite being used by most major U.S. businesses, tracking pixels have been increasingly targeted by plaintiffs for their alleged disclosure of certain information back to the company that operates them. Squire Patton Boggs’ Data Disputes team has significant experience defending these claims in litigation and arbitration (and obtaining dismissals for clients). 

Read on for more about the Third Circuit’s decision in this case.Continue Reading Third Circuit Strikes a Blow to Yet Another Attempt to Penalize the Use of Tracking Pixels

Mass arbitrations—where a plaintiffs’ firm brings dozens, hundreds, or thousands of identical claims against a business—is a mechanism increasingly relied upon by the plaintiffs’ bar in the past few years.  This is because mass arbitrations enable a plaintiffs’ firm to create settlement pressure by leveraging unavoidable arbitration fees borne by a business regardless of the merits of the claims filed.  Further powered by litigation funding, plaintiffs’ firms have used the mass arbitration device to bring vexatious claims and escape review of the merits or any downside risk.Continue Reading 2025 Mass Arbitration Year in Review

On 21 May 2025, the European Commission published a proposal for a new regulation aimed at simplifying several EU legal instruments, including targeted amendments to the General Data Protection Regulation (GDPR). The announced objective is to ease compliance obligations for small and medium-sized enterprises (SMEs) and extend certain regulatory benefits to small mid-cap companies (SMCs) (a category of businesses that often face comparable regulatory burdens to large corporations but lack equivalent resources). In the field of data protection, the proposal focuses on revising the obligation to maintain records of processing activities under Article 30 GDPR. It suggests raising the employee threshold for this obligation and clarifying that record-keeping would only be required when processing is likely to pose a high risk to individuals’ rights and freedoms.Continue Reading GDPR Relief for SMEs? EDPB and EDPS Weigh in on the EU’s Simplification Plans

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Light at the End of the Tunnel – Are You Ready for the New California Privacy and Cybersecurity Rules?

Join

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Join SPB’s Alan Friel and Lydia de la Torre at the California Lawyers Association Privacy Law Section’s 2025 Annual Privacy

We are pleased to announce that we will be participating in the California Lawyers Association Privacy Law Section’s 2025 Annual Privacy Summit in Los Angeles, CA.

Join Alan Friel for a session on CA Rulemaking: Unpacking the CCPA cybersecurity audit, privacy risk assessment regulations, and ADMT. The panel will review the draft ADMT regulations, interpret

In two recent proposed consent orders by the Federal Trade Commission (FTC or Commission), the agency has emphasized critical data governance practices that all data controllers should carefully consider. These cases, Gravy Analytics/Venntel and Mobilewalla, primarily focus on issues related to the brokerage of consumer mobile device location data and other adtech and data broker practices. However, the settlements, and the learnings that can be gleaned from them, are relevant beyond location data and these specific industries. Indeed, the data governance measures required of the respondents by the FTC signal the FTC’s thinking around what it considers proper data governance and privacy compliance programs, and can be used as a guide as to how companies in all industries should be framing such programs to both avoid FTC scrutiny and address compliance with the patchwork of state consumer privacy laws.Continue Reading What Should Data Controllers Take Away From Recent FTC Privacy Case Settlements?

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Never Beyond the Law – the Spanish AEPD’s Position on the Processing of Whistleblower Data | Privacy World

Singapore to

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

In Narrow Vote California Moves Next Generation Privacy Regs Forward | Privacy World

EDPB Versus Ireland? Does the Opinion on