Privacy & Information Security Law Blog

On January 29, 2025, the California Privacy Protection Agency announced that it had reached a settlement with Connecticut-based data broker Key Marketing Advantage, LLC, resolving the fifth action against a business  for its alleged failure to register as a data broker, as required under California’s Delete Act.

On January 31, 2025, the UK government published the Code of Practice for the Cyber Security of AI and the Implementation Guide for the Code. 

On January 29, 2025, the United States Court of Appeals for the Ninth Circuit enjoined California from enforcing the Protecting Our Kids from Social Media Addiction Act in its entirety, pending a challenge to the law brought by NetChoice.

On January 14, 2025, the Federal Trade Commission announced that it had issued final orders against data brokers Gravy Analytics, Inc. and Mobilewalla, Inc. for the collection, use, and sale of consumers’ precise geolocation data.

New York Attorney General Letitia James announced a $450,000 settlement with three companies distributing eufy home security video cameras—Fantasia Trading LLC, Power Mobile Life LLC and Smart Innovation LLC—following an investigation into the security of their Internet-enabled video products.

On January 24, 2025, the UK Information Commissioner’s Office published a letter setting out proposals to boost business confidence, improve the investment climate, and foster sustainable economic growth in the UK.

On February 2, 2025, the EU AI Act’s rules on AI literacy, along with the prohibition of certain types of AI system, became applicable in the EU.

On December 21, 2024, New York Governor Kathy Hochul signed a flurry of privacy and social media bills, including Senate Bill 895B, Senate Bill 5703B, Senate Bill 2376B and Senate Bill 1759B.

On January 28, 2025, the Italian Data Protection Authority announced that it had launched an investigation into the data processing practices of Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence.

New York Governor Kathy Hochul recently signed into law several bills (S2659B and S2376B) modifying the state’s breach notification law. The amendments revise the timing requirements for notice to affected individuals, expand the list of regulators to be notified, and add new data elements to New York’s definition of “private information.”