On March 21, the Ontario’s Bill 149, Working for Workers Four Act, 2024 (“Bill 149”) received Royal Assent.
AI and Job Postings: Navigating Ontario’s Upcoming Requirements
Latest from Data Protection Report
FTC’s COPPA Rule changes include AI training consent requirement
The Federal Trade Commission has published a Final Rule relating to changes in the Children’s Online Privacy Protection Act (“COPPA”) regulations, which will go into effect on Monday, June 23, 2025. The final Rule generally provides 365 days from the final Rule’s publication date (April 22, 2025) to come into full compliance. The Final Rule
Generative AI: Updated global guide to key IP considerations
Generative AI systems are trained using vast amounts of data, often taken from sources in the public domain that may be protected by copyright or other intellectual property rights. So could training a generative AI system using publicly accessible copyright work constitute an infringement? And could the output infringe?
Our global guide has just been
AI literacy – the Commission’s pointers on building your programme
The EU AI Act’s AI literacy obligation applied from 2 February 2025. This applies to anyone doing anything with AI where there is some connection to the EU – to providers and deployers of any AI systems.
The AI Act gives little away on what compliance would look like though. Fortunately, the Commission’s AI Office
The California Privacy Protection Agency may be clicking through your website
The California Privacy Protection Agency (CPPA) just issued its second enforcement action under the CCPA and the message is clear: the CPPA is looking at your digital properties and tallying up the violations. Your website is more than a marketing tool; it is a compliance obligation.
Todd Snyder, a fashion brand under American Eagle, got hit
Navigating regulatory challenges in data centres
Businesses investing in, financing or operating data centres face a complex matrix of laws and regulatory requirements. Ensuring compliance is important for lender and investor due diligence and is crucial to avoiding fines, penalties and contractual or regulatory breaches that can significantly impact the business and any investment in, or financing of, data centres.
NT Analyzer can help determine “data broker” status under the new Bulk Data Transfer requirements
Even if your business only sells goods or services in the U.S., your business may be a “data broker” under the new bulk data regulations, according to an April 11, 2025 Compliance Guide issued by the U.S. Department of Justice, if consumer data is being transmitted to countries of concern. That guidance states in part:
North Dakota law heightens data security requirements for some financial institutions
Background
On January 7, 2025, North Dakota’s House Industry, Business, and Labor Committee introduced HB 1127, at the request of the Department of Financial Institutions. HB 1127 successfully passed through both legislative chambers and was signed into law by the Governor on April 11, 2025. This new law focuses on data security requirements for certain
NT Analyzer adds JavaScript file analysis feature
In addition to NT Analyzer recently adding API mapping to its complement of services, we have also incorporated JavaScript file analysis targeting those JavaScript files that are downloaded to a user’s browser from third-party remote hosts while navigating a company’s website.
Third-party JavaScript can obtain deep access to a user’s browsing experience, including data that
NT Analyzer adds API mapping feature
This month, we have added “API mapping” and “JavaScript file analysis” as core components of the NT Analyzer tool suite. This post explains what API Mapping is and how the feature provides critical insights regarding the transmission and processing of user data (a subsequent blogpost will address JavaScript file analysis).
NT Analyzer is a privacy