April 2025

This Client Alert is a monthly update on privacy and cybersecurity developments as posted on our Privacy & Information Security Law Blog. If you would like to receive email alerts when new posts are published, please visit our blog and enter your email address in the subscribe field.

• CNIL Publishes 2024 Annual Activity Report
• NIST Releases Updated Privacy Framework
• CPPA Opens Formal Comment Period on Proposed Regulations for Data Broker Deletion Mechanism
• California Bill May Curb the Flood of “Abusive Lawsuits” Targeting “Standard Online Business Activities”
• FTC Publishes Final COPPA Rule Amendments
• European Commission Fines Apple and Meta for Non-compliance with the DMA
• Google Announces Next Steps for Privacy Sandbox and Tracking Protections in Chrome Browser
• Connecticut Office of the Attorney General Issues Annual Report on CTDPA Enforcement
• OCR Reaches Settlements with Northeast Radiology and Guam Memorial Hospital Over HIPAA Security Rule Violations
• European Commission Publishes the AI Continent Action Plan
• U.S. Federal Court Permanently Enjoins Ohio Social Media Age Verification Law From Taking Effect
• OMB Issues Revised Policies on AI Use and Procurement by Federal Agencies
• CPPA to Hold Board Meeting on Proposed CCPA Regulations
• Arkansas Amends Social Media Safety Act Following Permanent Injunction by Federal Court
• FTC to Host Workshop on “The Attention Economy” and Its Potential Impact on Children and Families
• Mexico Overhauls Federal Data Protection Law
• China Publishes Q&A on Administrative Policies for the Security of Cross-border Transfers
• California AG Appeals Decision Blocking Enforcement of Age-Appropriate Design Code Act
• Burdensome Portion of TCPA Rule Delayed Through April 2026
• DOJ Issues Guidance, FAQs and Implementation Policy on Bulk Transfers of Sensitive U.S. Personal and Government Data
• U.S. Senate Confirms Mark Meador as FTC Commissioner
• CPPA Proposes Key Updates to Cybersecurity, Risk Assessment and ADMT CCPA Regulations Following Public Comment
• DOJ Final Rule on Bulk Transfer of Sensitive U.S. Personal and Government Data to Countries and Persons of Concern Goes Into Effect
• CIPL Releases Paper on Privacy-Enhancing and Privacy-Preserving Technologies in AI: Enabling Data Use and Operationalizing Privacy by Design and Default
• UK Government Sets Out Scope for Cyber Security and Resilience Bill
• NIST Finalizes Cyber Attack Guidance for Adversarial Machine Learning
• ICO Fines Advanced Computer Software Group £3 Million Following Ransomware Attack
• China Regulator Proposes Amendments to Cybersecurity Law
• FTC Reaches $17 Million Settlement with Cash Advance Company Cleo AI