On Friday, October 17, 2025, U.S. District Court Judge Vince Chhabria issued a biting Order granting defendant Eating Recovery Center, LLC’s (“ERC”) motion for summary judgment on the plaintiff Jane Doe’s California Invasion of Privacy Act (CIPA) claims, a law enacted in 1967 to address the increasing use of wiretapping to eavesdrop on private phone
On July 24, 2025, the California Privacy Protection Agency (“CPPA”) unanimously voted to adopt a package of Proposed Regulations for the California Consumer Privacy Act (“CCPA”), marking a significant development in California privacy law. These cover Automated Decision-making Technology (“ADMT”), mandatory Cybersecurity Audits, Risk Assessments, and clarifications for the CCPA’s applicability to Insurance Companies. The package will move into its final review stage before formal enactment, once filed with the California Office of Administrative Law.
This is a clear signal that privacy compliance expectations in California are trending toward a more operational phase. The new rules are designed to give Californians greater control over how their personal information is used while pushing businesses toward higher levels of transparency and accountability, especially when automated decision-making and high-risk data processing is involved. For companies, this is more than just a theoretical update – it’s a clarion call to ensure these requirements are built into day-to-day governance, technology and process design, and vendor management practices.Continue Reading California Privacy Protection Agency (CPPA) Finally Voted to Adopt Much Debated Update to CCPA Regulations: What Your Business Should Know
Seyfarth Synopsis: In a significant decision for website operators, the Massachusetts Supreme Judicial Court clarified that tracking users’ web activity does not constitute illegal wiretapping under the state’s Wiretap Act. The court found that person-to-website interactions fall outside the Act’s scope, which focuses on person-to-person communications. However, the court emphasized that other privacy laws could still apply to such tracking practices. This ruling may influence how similar cases proceed nationwide and signals to the Massachusetts legislature that any broader restrictions on web tracking require explicit statutory action.Continue Reading Tracking Users’ Web Browsing Activity Does Not Constitute Illegal Wiretapping under Massachusetts Law
In recent years, privacy and cybersecurity consistently hit the top of legal leaders’ lists of their biggest concerns. In fact, a recent Association of Corporate Counsel Chief Legal Officers Survey found that, when rating a list of items on their importance to the business, CLOs placed cybersecurity, regulation and compliance issues, and data privacy as the top three most critical issues for the business.
Continue Reading Upcoming Event! Seyfarth Privacy Salon: Roundtable on Cross-Border Data Transfers, Privacy, and Cybersecurity
In today’s ever-evolving and interconnected world, trade secret protection demands proactive measures against both technological vulnerabilities and human threats. Join us for the fourth installment of our 2024 Trade Secrets Webinar Series, where our panel of seasoned trade secrets and cybersecurity attorneys will equip you with practical strategies to bolster your defenses.
Continue Reading Upcoming Webinar! Data Protection and Cybersecurity: Safeguarding Trade Secrets in the Digital Age
In a January 11, 2023 op-ed published in the Wall Street Journal, President Joe Biden urged “Democrats and Republicans to come together to pass strong bipartisan legislation to hold Big Tech accountable.” He warned that the “risks Big Tech poses for ordinary Americans are clear. Big Tech companies collect huge amounts of data” about
On 16 November 2022, EU Regulation 2022/2065, better known as the Digital Services Act (“DSA”), came into force. The DSA is a key development in the use of online services in the European Union (“EU”), with an impact on online services as significant as the one which the General Data Protection Regulation (“GDPR”) had upon the collection, use, transfer, and storage of data originating in the EU on 25 May 2018.
Ambit
The DSA sets out rules and obligations for digital services providers that act as intermediaries in their role of connecting consumers with goods, services, and content.
Its goal is to regulate and control the dissemination of illegal or harmful content online, provide more consumer protection in online marketplaces, and to introduce safeguards for internet users and users of digital services. It also introduces new obligations for major online platforms and search engines to prevent such platforms being abused.Continue Reading The EU Digital Services Act: Overview and Impact
Ransomware attacks have become one of the most common and pervasive cybercrimes perpetrated against U.S. companies. A bad actor, often from overseas, will gain access to upload malware onto a company’s network storage or application platforms that encrypts all files it can access. A message or text file is usually left with instructions on how to contact the attacker to pay a ransom for the decryption key. In the worst case, a ransomware attack can freeze the business operations by effectively removing access to the company’s critical systems and rendering them useless. Aside from the business impact, what legal implications are created by a ransomware attack?
The greatest legal concern is one of privacy. By definition, ransomware attacks gain access to the internal systems maintained or owned by a business. However, not all ransomware attacks are created equal and privacy obligations differ from one attack to another.Continue Reading Ransomware Attacks – Harmless Annoyances or Catastrophic Events?
On February 2, 2022, U.S. Rep. Bobby L. Rush introduced the Right to Equitable and Professional Auto Industry Repair (REPAIR) Act, H.R. 6570 (the “Act”), legislation that would require OEMs to make vehicle-generated data more available to vehicle owners. The Act also would pave the way for the Federal Trade Commission (FTC) and National Highway
Earlier this month, the New York Attorney General’s Office issued findings of its investigation into a data security incident involving EyeMed Vision Care LLC (“EyeMed”) as well as the agreement that it entered into with the company in exchange for not pursuing further statutory charges.[1] The settlement included a fine of $600,000, a marked