An estimated 87% of companies now using AI-driven tools in their recruitment processes, and that figure has nearly doubled in just two years. AI-powered platforms can ingest millions of candidate profiles, enrich them with publicly available data, and deliver algorithmically ranked shortlists to employers far faster than a human recruiter. But, with that capability comes... Continue Reading…More

Among US states, California is the only one that treats employees as full “consumers,” providing them the right to an employee notice and an applicant notice and employee rights. While California enforcement has not yet focused squarely on employer practices, a fresh call for public comments from CalPrivacy on how to strengthen employee privacy notices... Continue Reading…More

The plaintiffs’ bar has been ramping up lawsuits under the California Invasion of Privacy Act (CIPA) and federal and state wiretapping statutes for years, and the wave is not receding. Tens of thousands of claims have been filed since 2022, with CIPA wiretapping continuing to accelerate in recent months. Meanwhile, plaintiffs are branching out beyond... Continue Reading…More

The plaintiffs’ bar has been ramping up lawsuits for alleged violations of state and federal wiretapping laws (e.g., California CIPA, Florida SCA, Federal ECPA) for many months now. Historically, the main issue has been that the defendant did not get the necessary consent because they did not try to do so, meaning there was no... Continue Reading…More

In a recent decision out of the Northern District of California, the court held that a website operator’s privacy policy, even one presented in a passive, browse wrap-style hyperlink, can defeat the delayed discovery doctrine and render claims under the Electronic Communications Privacy Act (ECPA) and the California Invasion of Privacy Act (CIPA) time-barred. Importantly,... Continue Reading…More

By Odia Kagan How far does a platform’s responsibility extend when a user posts someone else’s personal data in a classified ad, especially one involving sensitive subject matter like sex work? The Italian Data Protection Authority (Garante) recently fined online classifieds platform Bakeca S.r.l. after an unknown user published two ads, including an explicit offer... Continue Reading…More

A new federal court decision denied a motion to dismiss in a case alleging Federal Electronic Communications Privacy Act (ECPA) claims arising from the sharing of health information through a website’s online tracking technology. What does this case teach and what should healthcare companies be doing about it? Recap of ECPA Online Tracker Claims Over... Continue Reading…More

The FTC just published its Strategic Plan for FY 2026–2030. What does it actually mean for privacy compliance? Quite a lot, as it turns out. Here’s a breakdown. Telemarketing Still a top priority. The plan doubles down on unlawful robocalls and the Do Not Call Registry. What to do: Button up your TCPA texting consents.... Continue Reading…More

As hospitality businesses increasingly rely on digital tools, automation, biometrics, and AI‑enabled services, their collection and use of personal data has expanded significantly. With that expansion comes a corresponding rise in legal and regulatory obligations – and risks. Below are key takeaways from a webinar I presented today with Carolyn D. Richmond on how privacy... Continue Reading…More

On March 18, 2026, Senator Marsha Blackburn (R-TN) introduced the TRUMP AMERICA AI Act: formally, The Republic Unifying Meritocratic Performance Advancing Machine Intelligence by Eliminating Regulatory Interstate Chaos Across American Industry Act. This massive, 291 page bill sets out to establish the first comprehensive federal framework for artificial intelligence regulation in the United States. The... Continue Reading…More