Month: October 2025

Representatives in the Michigan state legislature have proposed a ban on VPNs as a part of a larger bill that aims to ban online pornography in the state. 

Mother Jones recently published an article detailing how a secretive surveillance firm called First Wap exploits telecom network loopholes to track, intercept, and surveil phones worldwide—including those of public figures, politicians, and dissidents—often without legal oversight. Lighthouse Reports has also published an investigatory report on First Wap’s activities.

The U.S. Privacy Consortium, a bipartisan collective of U.S. regulators that collaborates on the implementation and enforcement of their states’ data privacy regimes, recently welcomed the attorneys general of Minnesota and New Hampshire as the group’s newest members.

CA Governor Gavin Newsom signed a bill that requires social media companies to make canceling an account straightforward and clear, ensures that cancellation triggers full deletion of the user’s personal data, and provides additional data protections for Californians.

Scouting America, formerly known as the Boy Scouts, announced two new badges that scouts can earn: one in artificial intelligence, and another in cybersecurity.

Federal law enforcement has arrested a suspect in connection with starting what became the Palisades blaze that killed 12 people in early 2025. Among the evidence cited is an AI image of a burning city that the suspect allegedly generated with ChatGPT.

(Compiled by Audrey Kim)

Meta has announced it will incorporate data from user interactions with its AI products to sell targeted ads starting December 16th. More than a billion users engage with Meta AI each month, and the company hopes to monetize this data to better refine its advertisements across a user’s accounts. This includes data gathered from Meta’s Ray-Ban smart glasses and its AI-video programs. Users may not opt out, but company officials say AI conversations involving controversial topics will not be incorporated into a user’s ad feed. 

The 2025 Esports World Cup brought in hundreds of millions of viewers, highlighting the surging popularity of this once-niche hobby. As the field expands, Esports participants must increasingly comply with local consumer privacy laws, especially as they advertise to viewers and collect their data. Competitors themselves must obtain affirmative consent from users and companies must avoid falling afoul of unfair competition or deceptive business practice regulations.. Stakeholders throughout the industry must conduct extensive due diligence to avoid liability, whether it be event organizers, team managers, players, or sponsors, a burden which will only grow as the sport continues its meteoric growth.

The Supreme Court recently upheld Texas HB 1181, narrowly approving age verification for sexual content online in apparent contravention of online privacy. The need to submit ID exposes adult users to data breaches, to say nothing of intentional sale or surveillance. Recent data breaches at major companies and their partners indicates these fears may be warranted.

The Supreme Court also allowed President Trump to fire a commissioner of the FTC, which enforces consumer protection and antitrust laws. This decision signals a willingness to overturn Humphrey’s Executor v. US, a 1935 decision restricting the President’s power to remove the leaders of independent regulatory agencies. By extension, this would threaten the ability of the FTC and similar agencies to regulate data usage and privacy in the US.

While the US tries to maintain a lead in the AI space, a black market in GPUs increasingly brings these high-demand products to China despite American regulations. The American government rarely approves exports of these goods, but unofficial channels salvage GPUs and clandestinely smuggle them from Taiwan and the US to Chinese companies. In the meantime, the US government has been working with semiconductor companies NVIDIA and AMD to compensate them for any revenue lost due to restrictions on exports to China.

(Compiled by David Gonzalez)

Brazil has passed a new child protection law – the ECA Digital. The law requires online services likely to be used by children to build in protections for privacy, safety, and children’s best interests by default, including banning profiling and behavioral advertising targeting kids. It takes effect in March 2026 and includes penalties for non-compliance, such as fines (up to 50 million reais or 10% of revenue in Brazil), suspension or bans, and is being enforced by Brazil’s data protection authority.

Tech Policy published a piece arguing that recent Supreme Court rulings erode longstanding protections by allowing states to impose age-verification mandates online, thereby undermining users’ First Amendment rights and privacy. The piece claims that requiring individuals to submit personal identifiers to access content risks surveillance, data exposure, and chilling effects on online speech for both minors and adults.

The United Kingdom rolled out their proposal for a digital ID. The plans faced criticism from across the political spectrum. The proposal has been pushed by the Tony Blair Institute, who is funded almost exclusively by Oracle. 

Recently, the U.S. Supreme Court granted a stay allowing President Trump’s removal of FTC Commissioner Rebecca Kelly Slaughter and agreed to review the FTC’s structure under the separation-of-powers doctrine. Slaughter, dismissed in March 2025 along with Commissioner Alvaro Bedoya, had been reinstated by the D.C. Circuit based on Humphrey’s Executor v. United States (1935), which upheld “for-cause” protections for FTC commissioners.

The Supreme Court’s stay blocks her return while it considers whether those protections are constitutional and whether Humphrey’s Executor should be overruled.The outcome could significantly alter the FTC’s independence and its role in privacy and consumer protection enforcement. A ruling narrowing removal protections would weaken the agency’s autonomy, while affirming them would preserve its authority. For privacy law, the decision introduces major uncertainty for ongoing and future FTC enforcement actions

(Compiled by Anthony Perrins)