On June 10, 2025, the Finnish Data Protection Ombudsman published a decision (in FI) where it found that the processing of personal data for enforcing parking violations was unlawful because the enforcement mechanism was not described in the parking rental agreement. This recent decision is a striking example of how data protection and consumer protection
Inside Privacy
Updates on developments in data privacy and cybersecurity
Latest from Inside Privacy
Overview of Key CJEU Rulings on EU Consumer Protection Law of May 2025
In May 2025, the Court of Justice of the EU (“CJEU”) ruled on five cases applying EU consumer protection law. This blog post provides an overview of the decisions.
- Three of these cases relate to the EU Unfair Contract Terms Directive (“UCTD”), which protects consumers from unfair terms in contracts with businesses. It applies to
…
European Commission Guidelines on Prohibited AI Practices under the EU Artificial Intelligence Act
In February 2025, the European Commission published two sets of guidelines to clarify key aspects of the EU Artificial Intelligence Act (“AI Act”): Guidelines on the definition of an AI system and Guidelines on prohibited AI practices. These guidelines are intended to provide guidance on the set of AI Act obligations that started to…
CJEU Receives Questions on Copyright Rules Applying to AI Chatbot
On April 3, 2025, the Budapest District Court made a request for a preliminary ruling to the Court of Justice of the European Union (“CJEU”) relating to the application of EU copyright rules to outputs generated by large language model (LLM)-based chatbots, specifically Google’s Gemini (formerly Bard), in response to a user prompt. This Case…
Global CBPR and PRP Certifications Launched: A New International Data Transfer Mechanism
On June 2, 2025, the Global Cross-Border Privacy Rules (“CBPR”) Forum officially launched the Global CBPR and Privacy Recognition for Processors (“PRP”) certifications. Building on the existing Asia-Pacific Economic Cooperation (“APEC”) CBPR framework, the Global CBPR and PRP systems aim to extend privacy certifications beyond the APEC region. They will allow controllers and processors…
Cookie Documentation – Funnel – Confluence Digital Fairness Act Series: Topic 2 – Transparency and Disclosure Obligations for AI Chatbots in Consumer Interactions
AI chatbots are transforming how businesses handle consumer inquiries and complaints, offering speed and availability that traditional channels often cannot match. However, the European Commission’s recent Digital Fairness Act Fitness Check has spotlighted a gap: EU consumers currently lack a cross-sectoral right to demand human contact when interacting with AI chatbots in business-to-consumer settings. It…
Nebraska Bans Minor Social Media Accounts Without Parental Consent
On May 20, 2025, Nebraska Governor Pillen approved LB 383, which imposes a broad range of restrictions on minors’ access online. In addition to a ban on artificial intelligence-generated child pornography, the law also requires parental controls over minor social media accounts. Nebraska joins at least two other states that have passed bans on…
Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
By Divya Bhat & Matthew Verdin
Health-related websites are increasingly targeted with wiretapping suits if they use pixels or other third-party technologies to power their websites. A few months ago, a California court dismissed on multiple grounds one such suit challenging the use of website pixels by Clearblue, a company that offers home pregnancy and fertility test kits. Saedi v. SPD…
New York Attorney General Issues Guidance on New York Child Data Protection Act
On May 19, 2025, New York’s Office of the Attorney General (“OAG”) published new guidance on the New York Child Data Protection Act (the “Act”), which becomes effective on June 20, 2025. As we reported last summer, the OAG released an Advanced Notice of Proposed Rulemaking addressing the Act on August 1, 2024. The OAG…
European Commission Publishes Draft Guidelines on the Protection of Minors under the DSA
By Dan Cooper & Laura Somaini
On May 13, 2025, the European Commission issued its draft Guidelines on the protection of minors online under the DSA (“the Guidelines”). The Guidelines aim to support providers of online platforms that are “accessible to minors” with meeting their obligation to ensure “a high level of privacy, safety, and security” for minors under Article 28(1)…