Privacy & Information Security Law Blog

On July 10, 2025, the European Commission published the final version of the General-Purpose AI Code of Practice.  

On July 8, 2025, Connecticut Attorney General William Tong announced a settlement with TicketNetwork for alleged violations of the Connecticut Data Privacy Act.

On July 7, 2025, the UK Information Commissioner’s Office launched two new consultations related to its approach to enforcement under PECR with respect to online advertising and to certain proposed updates to its guidance on cookies following passage of the Data (Use and Access) Act 2025.

The New York legislature recently passed the Responsible AI Safety and Education Act, which regulates large developers of frontier AI models.  The bill awaits signature by the New York Governor.

On July 3, 2025, the European Data Protection Board issued the Helsinki Statement outlining new initiatives to make compliance with the GDPR easier and to strengthen consistency and boost cross-regulatory cooperation.

On July 1, 2025, the California Office of the Attorney General announced that the AG had reached a proposed settlement with Healthline Media LLC, the publisher of a website that provides medical and health-related information, over alleged violations of the California Consumer Privacy Act.

On June 27, 2025, the U.S. Supreme Court upheld, by in a 6-3 vote, H.B. 1181, a Texas law that requires certain commercial websites publishing sexually explicit content to verify that visitors are 18 years of age or older.

SolarWinds has reached an agreement in principle with the US Securities and Exchange Commission in the agency’s ongoing securities fraud lawsuit against the company and its former chief information security officer in connection with a series of cyberattacks against the company.

Maria Ibanez, Director of Innovation and Technology at PPU Legal, provides an overview of significant updates to Chile's cybersecurity law, highlighting its application to “essential service providers” in the electricity and banking sectors and imposing stricter obligations on “operators of vital importance”. This law introduces penalties for infractions, based on their severity, and establishes the National Cybersecurity Agency.

On June 27, 2025, the Cyberspace Administration of China released the third version of the Guidance on the Application for Security Assessment of Cross-border Data Transfers.