On April 14, 2026, the FTC announced three settlements and issued closing letters to two additional companies concerning “Made in America,” “Made in the USA,” and similar U.S.‑origin claims (collectively, “MUSA claims”). These actions reflect the FTC’s continued focus on MUSA claims and, more broadly, the Trump administration’s focus on
Continue Reading FTC Sweep on “Made in the USA” ClaimsPrivacy
UK ICO Consults on Draft Automated Decision-Making Guidance and Sets Expectations for ADM in Recruitment
By Jadzia Pierce on
Posted in Privacy, United Kingdom
On 31 March 2026, the UK’s Information Commissioner’s Office (“ICO”) launched a public consultation on draft updated guidance on automated decision-making (“ADM”), including profiling (“Draft Guidance”) and simultaneously published a report on the use of ADM in recruitment (“Recruitment Report”).
The Draft Guidance is the ICO’s first detailed interpretation of the Data (Use and Access) Act’s (“DUAA”) changes to the UK GDPR’s ADM provisions, and the accompanying Recruitment Report is a sector-specific signal of how the ICO expects those rules to operate in practice.
Continue Reading UK ICO Consults on Draft Automated Decision-Making Guidance and Sets Expectations for ADM in RecruitmentNew EDPB Guidelines on the Use of Personal Data in Scientific Research
On April 15, 2026, the European Data Protection Board (EDPB) published draft Guidelines 1/2026 on the processing of personal data for scientific research purposes (Guidelines). The Guidelines are open for public consultation until 25 June 2026. They aim to clarify how the GDPR applies to academic, public‑sector, and commercial research, including research that relies on AI, large data sets, and the reuse of personal data. The Guidelines do not cover the application of other EU or Member State law regulating scientific research or the processing of genetic, biometric, or health data specifically.
Continue Reading New EDPB Guidelines on the Use of Personal Data in Scientific ResearchFTC Seeks Comment by May 18 on Food Delivery Pricing and Fees
By Laura Kim, Alexandra Remick & Carter McCants on
Posted in Privacy
On April 14, 2026, the Federal Trade Commission (“FTC” or “Commission”) announced an Advanced Notice of Proposed Rulemaking (“ANPRM”) seeking public comment on whether a new rule is needed to address fee practices by online food and grocery delivery platforms that may obscure total pricing or impede consumers’ ability to…
Continue Reading FTC Seeks Comment by May 18 on Food Delivery Pricing and FeesSeventh Circuit Holds that BIPA Amendment Applies Retroactively
Posted in Privacy
On April 1, 2026, the Seventh Circuit in Clay v. Union Pacific Railroad Company held that an amendment to the Illinois Biometric Information Privacy Act (BIPA), limiting damages to a per-person basis, applies retroactively to cases pending when the amendment was enacted in 2024. This decision limits the potential statutory damages plaintiffs may obtain for pending BIPA cases.
Continue Reading Seventh Circuit Holds that BIPA Amendment Applies RetroactivelyOklahoma Enacts Comprehensive Privacy Law
By Lindsey Tonsager, Jayne Ponder & Clare Mathias on
Posted in Privacy
- Scope and Applicability. OKDPA applies to controllers and processors that conduct business in Oklahoma or target Oklahoma residents and annually either (a)
Ofcom and ICO Issue Joint Statement on Age Assurance
By Claudia Berg, Jadzia Pierce & Sam Jungyun Choi on
(“Joint Statement”). The Joint Statement is aimed at services likely to be accessed by children that fall within the scope of the Online Safety Act 2023 (“OSA”) and UK data protection legislation, and is designed to help providers comply with both their online safety and data protection obligations when deploying age assurance.
The Joint Statement arrives alongside a broader push from both regulators—including Ofcom’s recent call to action directed at major tech firms, an open letter from the ICO urging platforms to strengthen their age checks, and several enforcement actions by both regulators.
Continue Reading Ofcom and ICO Issue Joint Statement on Age AssuranceMEPs Adopt Joint Position on Proposed Digital Omnibus on AI
By Jadzia Pierce, Dan Cooper & Atli Stannard on
On 18 March 2026, the European Parliament’s Committee on the Internal Market and Consumer Protection (“IMCO”) and the Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) adopted their joint negotiating position on the European Commission’s proposed Digital Omnibus on AI (which we previously analysed here). The position will now proceed to a plenary vote, expected on 26 March 2026. The Council of the EU had previously adopted its negotiating position on 13 March 2026. This sets up trilogue negotiations between the Parliament, Council, and Commission.
Continue Reading MEPs Adopt Joint Position on Proposed Digital Omnibus on AIItalian DPA Fines Bank over the Transfer of Customer Data in the Context of a Corporate Transaction
By Kristof Van Quathem & Laura Somaini on
On March 12, 2026, the Italian Data Protection (“Garante”) adopted a decision concerning the transfer of personal data of banking customers from Intesa Sanpaolo S.p.A. (the “Bank”) to Isybank S.p.A., a newly established digital bank within the same corporate group. The Garante found that the Bank’s processing in connection with the transfer of approximately 2.4 million customers to Isybank was unlawful.
We set out the decision’s key findings below.
Continue Reading Italian DPA Fines Bank over the Transfer of Customer Data in the Context of a Corporate TransactionUK Government Launches Consultation on Children’s Online Experiences, Including New Obligations for AI
By Sam Jungyun Choi, Jadzia Pierce & Dan Cooper on
Posted in Privacy, United Kingdom
On March 2, 2026, the UK Department for Science, Innovation and Technology (“DSIT”) launched its consultation, titled “Growing up in the online world: a national conversation”. The consultation is open until 26 May 2026, after which the government will publish a summary of responses and its proposed approach. DSIT has indicated that it intends to move quickly on the consultation’s findings, drawing on newly granted powers that allow for accelerated implementation of online safety measures.
The consultation seeks views on a wide range of potential measures to strengthen children’s safety and wellbeing online, including more robust age‑assurance mechanisms, a statutory minimum age for social media, raising the UK’s age of digital consent, restrictions on certain features (such as livestreaming and disappearing messages), and new obligations for AI chatbots and generative‑AI services.
DSIT’s proposals could significantly expand regulatory expectations beyond the Online Safety Act 2023 (“OSA”)—including potential age‑based access limits (including differing safeguards as between teens and younger children), feature‑level restrictions, and enhanced duties for AI‑enabled services. Early engagement will be important to ensure that the government takes account of the views of affected service providers and understands the operational and technical implications of the measures proposed.
Continue Reading UK Government Launches Consultation on Children’s Online Experiences, Including New Obligations for AI