AI chatbots are transforming how businesses handle consumer inquiries and complaints, offering speed and availability that traditional channels often cannot match. However, the European Commission’s recent Digital Fairness Act Fitness Check has spotlighted a gap: EU consumers currently lack a
Inside Privacy
Updates on developments in data privacy and cybersecurity
Latest from Inside Privacy - Page 2
Nebraska Bans Minor Social Media Accounts Without Parental Consent

On May 20, 2025, Nebraska Governor Pillen approved LB 383, which imposes a broad range of restrictions on minors’ access online. In addition to a ban on artificial intelligence-generated child pornography, the law also requires parental controls over minor…
Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
Health-related websites are increasingly targeted with wiretapping suits if they use pixels or other third-party technologies to power their websites. A few months ago, a California court dismissed on multiple grounds one such suit challenging the use of website pixels…
New York Attorney General Issues Guidance on New York Child Data Protection Act
European Commission Publishes Q&A on AI Literacy
On May 7, 2025, the European Commission published a Q&A on the AI literacy obligation under Article 4 of the AI Act (the “Q&A”). The Q&A builds upon the Commission’s guidance on AI literacy provided in its webinar in February…
Court Grants Summary Judgment: Website Vendor Cannot Read “Session Replay” Data “In Transit” Under CIPA
“Session replay” software is one of many website analytics tools targeted in wiretapping suits under the California Invasion of Privacy Act (“CIPA”). Last month, a California federal court confirmed one of the many reasons why the use of this software…
European Commission Publishes Draft Guidelines on the Protection of Minors under the DSA
On May 13, 2025, the European Commission issued its draft Guidelines on the protection of minors online under the DSA (“the Guidelines”). The Guidelines aim to support providers of online platforms that are “accessible to minors” with meeting their obligation…
NIST Publishes Updated Incident Response Recommendations and Considerations
Earlier in April, the U.S. National Institute of Standards and Technology (“NIST”) published Special Publication (“SP”) 800-61, Incident Response Recommendations and Considerations for Cybersecurity Risk Management, Revision 3 (“NIST SP 800-61”). NIST SP 800-61 Revision 3 (“Revision 3”) is…
FTC Delays Negative Option Rule Compliance Date to July 14
On May 9, 2025, the FTC announced that it is deferring the compliance deadline for the Negative Option Rule by 60 days to July 14. This announcement came five days before the original compliance date for the majority of the…
Italian Garante Launches Public Consultation on the Implementation of “Pay or Ok” Models
On April 29, 2025, the Italian data protection authority (“Garante”) launched a public consultation to collect feedback from stakeholders about the so-called “Pay or Ok” model.
“Pay or Ok” refers to the concept of making access to a website’s content…