Privacy

For years, one of the most frequently litigated privacy laws has been the Video Privacy Protection Act (“VPPA”), 18 U.S.C. § 2710, a federal statute enacted in 1988 in response to the disclosure of then-Supreme Court nominee Robert Bork’s videotape rental history by a video store to a reporter, who published the list.  Despite its analogue origins, this decades-old statute has been used by the plaintiff’s bar (incentivized by the VPPA’s $2,500 per violation liquidated damages provision) in putative class action litigation brought against any business whose website contains playable videos and third-party cookies.

This past year, there were several significant court rulings in litigation under the VPPA.  These decisions addressed hotly contested VPPA elements while also laying the foundation for a potential circuit split.  Squire Patton Boggs’ globally ranked “Elite” Data Disputes team is well experienced defending businesses and their data practices, including in the realm of VPPA litigation and (mass) arbitration.  In this article, informed by our practical experience litigating and arbitrating VPPA cases, we: (I) provide a brief primer on VPPA elements and litigation theories, (II) cover a Second Circuit decision, and other district court decisions, on the definition of personally identifiable information under the VPPA (III) address decisions from the Sixth, Seventh, and D.C. Circuits on the scope of persons who can bring VPPA claims, and (V) give an update on a recent Eighth Circuit decision regarding which businesses are subject to the VPPA.  These areas are all likely to bear upon VPPA claims and ongoing litigation in 2026, making this a must read for in-house counsel and practitioners in this space.Continue Reading 2025 Video Privacy Protection Act Litigation Year in Review

Date: September 10, 2025 at 12:00 PM EDT

Format: Live Video

Duration: 1 Hour

Description: With limited federal regulation on consumer protection, data privacy, and AI, states are stepping in, creating a patchwork of laws that vary widely in scope and enforcement. While California and Colorado set high standards, other states like Maryland, Minnesota, and Oregon are introducing even stricter measures. Additional laws around consumer health data, data brokers, and child/teen online safety further complicate the landscape.

This panel will explore key differences and overlaps in state laws, highlight enforcement trends, and offer practical strategies for enterprises to implement privacy programs across states and globally. Attendees will receive comparison charts to support compliance efforts.Continue Reading State Privacy and AI Law Updates – A Live Legal Briefing You Won’t Want to Miss

The Australian Productivity Commission must have known that their interim report on harnessing data and digital technologies (the Report) would get attention. Before publication, the Australian Privacy Commissioner let on that she was “watching with interest to see if privacy is positioned as a barrier to, or an enabler of, a more trustworthy and productive digital economy”, while the Federal Treasurer highlighted that although legislation would matter, his government was “overwhelmingly focused on capabilities and opportunities, not just guardrails” in relation to AI technologies.Continue Reading Australian Privacy Law – Reforms on Pause, or Something Entirely New Altogether?

The Privacy Act 1988 (Cth) (Act) is one of the longest-standing pieces of national data protection legislation in the world, but – despite its name – it has been more concerned with regulating use of individuals’ personal data than granting them an actionable, stand-alone right to privacy.

However, as of June 2025, this has changed.

On July 24, the California Privacy Protection Agency Board unanimously voted to approve the May 9 draft of its proposed edits and additions to regulations under the California Consumer Privacy Act (CCPA), which we broke down in detail here.  There were 575 pages of comments from 70 commentators regarding that last set of changes, but staff concluded that no further changes were appropriate in response to these comments and the Board agreed.  So now, a final package will be prepared and presented to the Office of Administrative Law (OAL) to confirm the regulations are consistent with the CCPA and administrative procedures.  That package will include more detailed explanation of why rejected comments were rejected, with the goal of providing guidance especially regarding interpretation issues.  Assuming OAL approval, key implementation dates will be:Continue Reading New California Privacy Regulations Passed by Board

Nineteen states have followed the lead of California and passed consumer privacy laws.  Three went into effect this year and eight will become effective in 2025.  The remainder become effective in 2026.  Charts at the end of this post track effective dates (see Table 1) and applicability thresholds (see Table 2).  While there are many similar aspects to these laws, they also diverge from each other in material ways, creating a compliance challenge for organizations. In addition, there are other privacy laws pertaining specifically to consumer health data,[1] laws specific to children’s and minors’ personal data and not part of a comprehensive consumer privacy law,[2] AI-specific laws,[3] or laws, including part of overall consumer privacy laws, regulating data brokers[4] that enterprises need to consider. 

A recent article published by the authors in Competition Policy International’s TechReg Chronical details the similarities and differences between the 20 state consumer privacy laws and a chart at the end of this post provides a quick reference comparison of these laws (see Table 3).Continue Reading Are You Ready for The Latest U.S. State Consumer Privacy Laws?

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Never Beyond the Law – the Spanish AEPD’s Position on the Processing of Whistleblower Data | Privacy World

Singapore to

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

In Narrow Vote California Moves Next Generation Privacy Regs Forward | Privacy World

EDPB Versus Ireland? Does the Opinion on

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Ten Things About Artificial Intelligence (AI) for GCs in 2024 | Privacy World

CCPA Regs Effective Immediately, No One-Year Delay

On Friday, February 9, the Court of Appeal of the State of California sided with the California Privacy Protection Agency (“CPPA” or “Agency”), finding that a California Superior Court judge erred when he issued an order staying the Agency’s enforcement of the regulations promulgated pursuant to the CPRA’s amendments to the CCPA until March 29