A recent Third Circuit decision gives companies another strong defense point in the wave of website tracking and session replay litigation, including claims brought under the California Invasion of Privacy Act (CIPA). In Smidga v. Spirit Airlines, the plaintiffs alleged that Spirit used session replay code to record website visitors’ interactions, including text entries,

On May 20, 2026, in Zelma v. Wonder Group Inc. (D.N.J. May 20, 2026), a federal court in New Jersey largely dismissed Telephone Consumer Protection Act (TCPA) claims against food-tech company Wonder Group Inc. (Wonder), holding that two bare verification-code text messages were not “telephone solicitations” or “unsolicited advertisements.”

The TCPA regulates certain calls and

Many insurers, and the businesses they cover, are still treating artificial intelligence (AI) risk as if it were cyber risk cloaked in a costume. That instinct is understandable since AI systems process data, rely on vendors, create operational dependencies, and sit inside digital infrastructures. However, early litigation is showing why that framing is likely incomplete.

The Texas Attorney General has filed a new consumer-protection lawsuit against Netflix, alleging that the company misled Texans by marketing itself as an ad-free, kid-friendly alternative to Big Tech while allegedly building a large-scale system for collecting and monetizing user data. The complaint claims that Netflix repeatedly assured consumers that its paid subscription model separated it

The latest ruling in Liss v. Skechers USA Inc., No. 3:25-CV-05861-DGE, 2026 WL 1392327 (W.D. Wash. May 19, 2026), keeps alive a proposed Washington class action challenging promotional email subject lines that allegedly used deadline-driven language to create artificial urgency around discounts. The plaintiffs alleged that Skechers sent commercial emails to Washington consumers with subject

The Cybersecurity and Infrastructure Security Agency (CISA), which is part of the Department of Homeland Security, is responsible for cybersecurity and infrastructure security throughout the federal government, to improve cybersecurity protection against private and nation-state hackers.

CISA has been without a director since the beginning of President Trump’s second term, when the then-director resigned. In

On May 2, 2026, the Connecticut Legislature approved the overhaul of the state’s Certificate of Need (CON) program as part of its appropriations bill for the fiscal year ending June 30, 2027, Public Act No. 26-68 (“the Act”).

The Act significantly revises all aspects of the CON program and process, including most notably by eliminating

Another recent victim of ShinyHunters is Instructure, the supplier of the Canvas learning management system, which disrupted the login portals of 330 colleges and universities during the critical college exam schedule.

According to Dataminr, ShinyHunters “claimed to have stolen 3.654TB of data affecting about 275 million individuals and 9,000 institutions worldwide.” The stolen data

The spread of AI generated intimate imagery has turned what was already a serious online safety issue into a fast- moving platform governance problem. The Federal Trade Commission’s (FTC) latest stakeholder letter makes clear that covered platforms will be expected to have systems in place before enforcement begins. This week, the FTC sent a stakeholder