On April 21, 2025, Arkansas Governor Sarah Huckabee Sanders signed three laws expanding privacy protections for children and teens. The Content Creation Protection Act passed the legislature and is pending signature. This blog summarizes the statutes’ key takeaways.
Inside Privacy
Updates on developments in data privacy and cybersecurity
Blog Authors
Latest from Inside Privacy
Montana Passes Amendments to Consumer Data Privacy Act

On April 15, 2025, the Montana legislature unanimously passed Montana SB 297, a bill that would amend the Montana Consumer Data Privacy Act (“MTCDPA”) with provisions expanding online data protections for minors, narrowing the exemptions under the Gramm-Leach-Bliley Act,…
Implied Consent to Privacy Policy in Webpage Footer Forecloses Website Wiretapping Claim
Does a plaintiff’s use of a website constitute consent to a privacy policy linked in the website’s footer? A Pennsylvania federal court answered yes in Popa v. Harriet Carter Gifts, Inc., 2025 WL 896938 (W.D. Pa. Mar. 24, 2025), granting…
Another California Court Rejects Privacy Claims Targeting Online Chat Feature
Plaintiffs’ lawyers have continued to bring privacy claims targeting businesses that use vendors to help provide beneficial chat features on their website, as we last reported here. Late last year, a Southern District of California judge dismissed another set…
French CNIL Issues Draft Guidance On The Use of Location Data From Connected Vehicles
On March 25, 2025, the French data protection authority (“CNIL”) published a draft recommendation on the use of location data from connected vehicles (the “Recommendation” – see here in French). The Recommendation is open for public consultation until May 20,…
Digital Fairness Act Series – Topic 1: Influencer Marketing
The European Commission (“Commission”) is working on a new EU consumer protection law called the Digital Fairness Act (“DFA”) to better protect consumers in the digital space. The DFA is expected to regulate, among other things, influencer marketing.
With EU…
South Africa Introduces Mandatory e-Portal Reporting for Data Breaches
On April 7, 2025, South Africa’s Information Regulator announced a new requirement for organizations to report data breaches—referred to under local law as “security compromises”—via an online eServices Portal. The announcement marks a significant procedural shift in how companies…
California Court Holds Plaintiffs’ Consent Defeats Claims Involving Use of Website Pixel
Early this month, a Northern District of California judge dismissed, with prejudice, a putative class action complaint asserting five privacy-related causes of action, concluding the “issue of consent defeat[ed] all of Plaintiffs’ claims.” Lakes v. Ubisoft, Inc., –F. Supp. 3d–,…
Utah Enacts App Store Accountability Act
On March 26, 2025, Utah Governor Spencer Cox signed into law SB 142, the App Store Accountability Act (the “Act”), enacting the country’s first state law that requires app store providers to verify the age of all users and…
Recording of Customer Service Call “Not Private or Personal Enough” to Confer Article III Standing
Many businesses use customer support software that may include call recording features to help ensure a better customer service experience. A California federal court dismissed a wiretapping lawsuit filed against a software company offering this software tool (TalkDesk), holding that…