In this episode of our special 12 Days of Regulatory Insights podcast series, Gene Fishel, a member of the firm’s RISE Practice Group and State AG team, is joined by Partner Dave Navetta of the Privacy + Cyber Practice Group, to discuss the biggest privacy and cyber enforcement themes of 2025 and preview what’s ahead for 2026.
Dave breaks down the surge of demand letters and lawsuits targeting website tracking technologies under wiretapping theories, and how regulators — especially in California — are stress-testing opt-out mechanisms, GPC signals, and consent tools. Gene adds a state AG enforcement perspective, highlighting recently utilized AG statutory tools and scrutiny around children’s data and opt-out mechanisms. Looking forward, Dave explains why 2026 will be a watershed year for data brokers, with California’s Delete Act and similar state frameworks poised to reshape “sale” practices and require ongoing checks of centralized opt-out platforms. The conversation closes with a preview of state AI laws taking effect in 2026 and what companies should be doing now to prepare.
Transcript: 12 Days of Regulatory Insights: Day 5 – Privacy Under the Microscope (PDF)