A federal court recently addressed whether plaintiffs alleging misleading commercial email practices in violation of Washington’s Commercial Electronic Mail Act (“CEMA”) have Article III standing to pursue claims. The ruling suggests that alleged violations of CEMA, standing alone, could constitute
Inside Privacy
Updates on developments in data privacy and cybersecurity
Inside Privacy, published by Covington & Burling LLP, focuses on legal developments and regulatory issues related to data privacy and cybersecurity. The blog covers topics such as GDPR enforcement actions, data breach investigations, privacy compliance strategies, and the intersection of privacy law with emerging technologies like artificial intelligence. It also addresses regulatory updates from authorities worldwide, including the European Commission and national data protection agencies. The blog provides analysis of privacy-related litigation, enforcement trends, and guidance on managing privacy risks in various sectors, including technology, healthcare, and advertising.
Blog Authors
Latest from Inside Privacy
ENISA’s NIS360 2026 report highlights both the criticality of the European space sector, and flags a persistent cybersecurity maturity gap
By Paul Maynard
On May 28, 2026, the European Union Agency for Cybersecurity (“ENISA”) published the third edition of its NIS360 report, an annual benchmarking tool that assesses the cybersecurity maturity of entities in the sectors set out in Annex I of…
Brazil Steps Up Regulation of Violence Against Women in the Digital Environment
On 20 May 2026, Brazil adopted Presidential Decree No. 12,976, establishing a comprehensive framework to address violence against women online. Adopted alongside a parallel decree (No. 12,975) reforming intermediary liability, it reflects a more assertive approach to…
EU AI Act Update: The European Commission Publishes Draft Guidelines on HRAIs
On 19 May 2026, the European Commission published its long-awaited draft, non-binding guidelines on the classification of high-risk AI systems (“HRAIs”) under the EU AI Act (the “Guidelines”). Across three documents—covering general principles, high-risk classification in the context of regulated…
Louisiana Enacts Comprehensive Privacy Law
White House Releases Executive Order on Advanced AI Innovation and Security
On June 2, 2026, the White House issued an executive order titled “Promoting Advanced Artificial Intelligence Innovation and Security” (the “Order”). The Order reflects the Administration’s stated policy of advancing U.S. leadership in artificial intelligence (“AI”) while addressing…
Illinois Department of Human Rights Seeks Public Comment on Draft AI Employment Regulations
Last month, the Illinois Department of Human Rights (“IDHR”) released draft regulations addressing employers’ use of AI in employment decisions and invited public comment. The IDHR will hold a hearing on the draft regulations on June 10, and the…
Connecticut Enacts Omnibus Privacy Law
On May 27, 2026, the Connecticut governor signed SB 4, an omnibus privacy law, which among other things, amends the Connecticut Data Privacy Act (“CTDPA”), establishes a data broker registry and accessible deletion mechanism, imposes restrictions on the use…
Connecticut Enacts Genetic Privacy Law
States continue to enact laws regulating genetic data. Since our last update, the Connecticut governor has signed SB 4, an omnibus privacy law which contains provisions regulating direct-to-consumer (“DTC”) genetic testing companies. You can read our full analysis…
CISA Releases Guidance on the Careful Adoption of Agentic AI Services
Earlier this month, the Cybersecurity & Infrastructure Security Agency (CISA), in collaboration with the National Security Agency and other international partners, released guidance for organizations on adopting agentic artificial intelligence systems (i.e., systems composed of one or more agents that…