Personalized advertising and pricing are increasingly common online practices, and prompt discussions about fairness and consumer rights in the EU. This post examines how these practices are regulated under EU consumer protection law, and what we anticipate from the forthcoming Digital Fairness Act (DFA). We also consider how data protection rules—such as the GDPR—interact with
Proposed State Privacy Law Update: June 23, 2025
Keypoint: Texas enacts two amendments to its data broker law while New York’s legislature passes a social media warning bill.
Below is the twenty fourth weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.
Table of Contents
Privacy Compliance in the U.S. and Canada: One Border, Two Privacy Playbooks
If you’re doing business in both Canada and the United States, you’ve probably already discovered this truth: one privacy strategy just won’t work for both countries. In fact, trying to apply the same rules on both sides of the border is like using the same key for two different locks. You might force it to
CNIL Publishes Recommendations on Legitimate Interest as a Legal Basis for AI Training
On June 19, 2025, the French Data Protection Authority (“CNIL”) published two recommendations for AI developers. The first recommendation covers reliance on the GDPR’s legitimate interest legal basis for developing an AI model. It provides examples of legitimate interests that can justify the use of personal data for AI development. The second recommendation discusses measures
Agentic AI for Software Security: Eliminate More Vulnerabilities, Triage Less
@media screen and (max-width: 1023px){section[data-id=”block_22bd036dec0f54b0c5589604377c8eab”]{ }}@media screen and (min-width: 1024px) and (max-width: 1365px){section[data-id=”block_22bd036dec0f54b0c5589604377c8eab”]{ }}@media screen and (min-width: 1366px){section[data-id=”block_22bd036dec0f54b0c5589604377c8eab”]{ }}
Ian Riopel is the CEO and Co-founder of Root, applying agentic AI to fix vulnerabilities instantly. A US Army veteran and former Counterintelligence Agent, he’s held roles at Cisco, CloudLock, and Rapid7. Ian brings military-grade security
Cybersecurity in the Era of Generative and Agentic AI: Six Observations
Last week, I had the privilege to attend one of the Midwest’s largest artificial intelligence conferences dedicated to AI developers, users, and enthusiasts: Cincy AI Week. During the three-day event, which brought together over 950 local professionals, I spoke on a panel entitled “Managing Risk in the Age of AI and Automation.” Here are six
AI and Job Postings: Navigating Ontario’s Upcoming Requirements
On March 21, the Ontario’s Bill 149, Working for Workers Four Act, 2024 (“Bill 149”) received Royal Assent.
UK: Data (Use and Access) Bill passes through Parliament
On 11 June 2025, the UK’s Data (Use and Access) Act 2025 (“DUA Act”) was passed and received Royal Assent on 19th June 2025.
The government first announced plans for the new DUA Act in the King’s speech back in July 2024. The DUA Act introduces reforms to data protection and e-privacy laws and also
Proposed State Privacy Law Update: June 16, 2025
Keypoint: Last week, the Vermont Governor signed the Vermont Age-Appropriate Design Code Act into law.
Below is the twenty third weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.
Table of Contents
1.