Privacy

Agentic AI: the ICO’s early thoughts on the data protection implications

By Marcus Evans (UK) & Rosie Nance on January 12, 2026

The ICO has kicked off 2026 with sharing its early thoughts on the data protection implications of agentic AI in its ICO tech futures: Agentic AI report. The report considers the novel data protection risks presented by agentic AI.

Text messages and the new Texas registration requirement

By David Kessler (US), Susan Ross (US) & Herwin Jorsling (US) on September 30, 2025

On September 1, 2025, Texas amended its telephone solicitation law to include text messages and to add several new requirements, including a registration requirement with the Texas Secretary of State, plus a form of security (such as a bond) in…

The Healthline Order: Privacy law grows teeth

By Steve Roosa (US), Philip Hodgkins (US) & Susan Ross (US) on July 11, 2025

The proposed $1.55 million CCPA settlement with Healthline is not just the largest of its kind to date – it is, more importantly, it marks a pivotal evolution in how American regulators are approaching consumer privacy enforcement.

The facts are…

AI Armageddon Series

By Steve Roosa (US) on June 30, 2025

The biggest AI privacy problems no one is talking about: Installment 1: The Agent2Agent (“A2A”) Protocol

In the privacy world, everyone is focused on fairness, bias, and data scraping. These issues, however, are not even among the top 3 AI…

CJEU Advocate General clarifies when pseudonymised data falls outside the definition of personal data

By Marcus Evans (UK), Rosie Nance & Alice Knowles on February 10, 2025

On 5 February 2025, the Advocate General of the Court of Justice of the European Union (CJEU) issued its opinion in the case of C 413/23 P European Data Protection Supervisor (EDPS) v Single Resolution Board…

Online Safety Act: Protecting Children from Harmful Content Online – Ofcom’s Guidance on Age Assurance for Part 3 Services

By Farah Mukaddam (UK), Marcus Evans (UK) & Rosie Nance on January 28, 2025

Ofcom has published its guidance for implementing age assurance measures for regulated service providers. User-to-user (U2U) services and search services take note: a decision not to implement highly effective age assurance measures means that your service may be deemed by…

Abstract neural network. Big data concept. Global database and artificial intelligence. Bright, colorful 3D illustration with bokeh effect

FTC finalizes COPPA rule amendments

By Steve Roosa (US), Philip Hodgkins (US), Susana Medeiros (US) & Wenda Tang (US) on January 22, 2025

On January 16, 2025, the Federal Trade Commission (FTC) announced significant amendments to the Children’s Online Privacy Protection Act (COPPA) Rule after a comprehensive review that began in 2019. This marks the first major update since 2013 and represents a…

Facial recognition and privacy: Updated OAIC guidance

By Lisa Fitzgerald on December 11, 2024

The Office of the Australian Information Commissioner (OAIC) has issued guidance to private sector organisations who are considering using facial recognition technology (FRT) for identification purposes in commercial or retail settings. The guidance follows a determination of the Privacy Commissioner…

Australian Privacy Alert: Parliament passes major and meaningful privacy law reform

By Lisa Fitzgerald on December 11, 2024

On 29 November 2024, the first tranche of sweeping Australian privacy reforms under the Privacy and Other Legislation Amendment Bill 2024 (Cth) (Bill) passed both Houses of Parliament. We previously considered the Bill when it was tabled on 12 September…

TR v Land Hessen – DPA not obliged to fine under the GDPR

By Shan Nanayakkara on December 3, 2024

By Shan Nanayakkara

In TR v Land Hessen (C‑768/21) the European Court of Justice (“ECJ”) found that following a personal data breach, a supervisory authority is under no obligation to exercise its corrective powers, specifically the power to…

Data Protection Report