“Session replay” software is one of many website analytics tools targeted in wiretapping suits under the California Invasion of Privacy Act (“CIPA”). Last month, a California federal court confirmed one of the many reasons why the use of this software
Inside Privacy
Updates on developments in data privacy and cybersecurity
Blog Authors
Latest from Inside Privacy
European Commission Publishes Draft Guidelines on the Protection of Minors under the DSA
On May 13, 2025, the European Commission issued its draft Guidelines on the protection of minors online under the DSA (“the Guidelines”). The Guidelines aim to support providers of online platforms that are “accessible to minors” with meeting their obligation…
NIST Publishes Updated Incident Response Recommendations and Considerations
Earlier in April, the U.S. National Institute of Standards and Technology (“NIST”) published Special Publication (“SP”) 800-61, Incident Response Recommendations and Considerations for Cybersecurity Risk Management, Revision 3 (“NIST SP 800-61”). NIST SP 800-61 Revision 3 (“Revision 3”) is…
FTC Delays Negative Option Rule Compliance Date to July 14
On May 9, 2025, the FTC announced that it is deferring the compliance deadline for the Negative Option Rule by 60 days to July 14. This announcement came five days before the original compliance date for the majority of the…
Italian Garante Launches Public Consultation on the Implementation of “Pay or Ok” Models
On April 29, 2025, the Italian data protection authority (“Garante”) launched a public consultation to collect feedback from stakeholders about the so-called “Pay or Ok” model.
“Pay or Ok” refers to the concept of making access to a website’s content…
Clothing Retailer, Todd Snyder, Inc., Settles CPPA Allegations Regarding California Consumer Privacy Act Violations
U.S. Congress Passes Bill Establishing Notice and Takedown Regime for Publication of Nonconsensual Intimate Visual Depictions
On April 28, the House of Representatives voted 409-2 to pass the Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act (“TAKE IT DOWN Act”), which criminalizes the publication of nonconsensual intimate visual depictions (“NCII”)…
Arkansas Advances Children and Teen Privacy Laws
On April 21, 2025, Arkansas Governor Sarah Huckabee Sanders signed three laws expanding privacy protections for children and teens. The Content Creation Protection Act passed the legislature and is pending signature. This blog summarizes the statutes’ key takeaways.…
Montana Passes Amendments to Consumer Data Privacy Act

On April 15, 2025, the Montana legislature unanimously passed Montana SB 297, a bill that would amend the Montana Consumer Data Privacy Act (“MTCDPA”) with provisions expanding online data protections for minors, narrowing the exemptions under the Gramm-Leach-Bliley Act,…
Implied Consent to Privacy Policy in Webpage Footer Forecloses Website Wiretapping Claim
Does a plaintiff’s use of a website constitute consent to a privacy policy linked in the website’s footer? A Pennsylvania federal court answered yes in Popa v. Harriet Carter Gifts, Inc., 2025 WL 896938 (W.D. Pa. Mar. 24, 2025), granting…