On May 29, 2026, the Governor of Louisiana signed into law SB 386, the Louisiana Data Privacy Act (“LDPA”). Louisiana joins Alabama and Oklahoma as the third state to enact a comprehensive privacy law this year. The law will take effect on January 1, 2027.
Inside Privacy
Updates on developments in data privacy and cybersecurity
Illinois Department of Human Rights Seeks Public Comment on Draft AI Employment Regulations
Last month, the Illinois Department of Human Rights (“IDHR”) released draft regulations addressing employers’ use of AI in employment decisions and invited public comment. The IDHR will hold a hearing on the draft regulations on June 10, and the public comment period will close on June 29.
Background
HB 3773 (the “Amendment”), which amended…
Connecticut Enacts Genetic Privacy Law
States continue to enact laws regulating genetic data. Since our last update, the Connecticut governor has signed SB 4, an omnibus privacy law which contains provisions regulating direct-to-consumer (“DTC”) genetic testing companies. You can read our full analysis of SB 4 here.…
CISA Announces Revised Schedule of Town Halls for CIRCIA Rulemaking
On May 26, 2026, the Cybersecurity & Infrastructure Security Agency (“CISA”), announced a revised schedule of virtual town halls as part of its rulemaking implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”). These town halls were initially scheduled for March and April 2026 but were delayed by the lapse in funding…
EU Sets the Clock on Age Verification: Rollout Urged by End‑2026
The European Commission has set a clear timeline for rolling out age verification across the EU:
- by June 30, 2026, Member States are encouraged to submit implementation plans; and
- by December 31, 2026, at least one EU‑compliant age verification solution should be available in each Member State.
This timeline, set out in the Commission’s (non-binding)…
Three notable changes to the UK ICO’s guidance on cookies, and a hint of a more permissive approach to advertising cookies in the future
By Paul Maynard
On 29 April 2026, the UK Information Commissioner’s Office (“ICO”) updated its guidance on the use of storage and access technologies (i.e., cookies and other technologies that store or access information stored on users’ devices) under Regulation 6 of the Privacy and Electronic Communications Regulations 2003 (“PECR”). These updates follow on the heels of two…
DC AG Sues Multifamily Landlord Over Alleged Deceptive Rental Fee Advertising
On April 27, 2026, District of Columbia Attorney General Brian L. Schwalb filed a complaint against Mid‑America Apartment Communities, Inc., and its subsidiaries (collectively, “MAA”) alleging that the landlord charged illegal fees and misled prospective tenants about the true cost of rent. This action is the latest example of state and federal enforcement scrutiny of…
FTC Sweep on “Made in the USA” Claims
On April 14, 2026, the FTC announced three settlements and issued closing letters to two additional companies concerning “Made in America,” “Made in the USA,” and similar U.S.‑origin claims (collectively, “MUSA claims”). These actions reflect the FTC’s continued focus on MUSA claims and, more broadly, the Trump administration’s focus on American manufacturing and related claims…
UK ICO Consults on Draft Automated Decision-Making Guidance and Sets Expectations for ADM in Recruitment
On 31 March 2026, the UK’s Information Commissioner’s Office (“ICO”) launched a public consultation on draft updated guidance on automated decision-making (“ADM”), including profiling (“Draft Guidance”) and simultaneously published a report on the use of ADM in recruitment (“Recruitment Report”).
The Draft Guidance is the ICO’s first detailed interpretation of the Data (Use and Access)…
CNIL Publishes Recommendation on Email Tracking Pixels
…