After a period of regulatory review under Chairman Andrew Ferguson, on Tuesday, April 22, 2025, the U.S. Federal Trade Commission (FTC) published amendments to the Children’s Online Privacy Protection Act (COPPA) Rule (COPPA Rule or the Rule), which was last updated in 2013. As we reported earlier this year, the FTC finalized its most recent
Data Privacy
FTC Calls for Public Feedback on Tech Censorship

The Federal Trade Commission (FTC or Commission) is asking members of the public to weigh in on whether tech platforms restricted or blocked their access because of content they posted on those platforms. The FTC issued a Request for Information (RFI) on February 20, 2025, to “better understand how technology platforms deny or degrade (such…
Updated COPPA Rule on Hold?


As we recently reported, the Federal Trade Commission (FTC or Commission) finalized updates to the Children’s Online Privacy Protection Rule (COPPA Final Rule or Rule) on January 16, 2025, and the updates were due to take effect 60 days after publication in the Federal Register. However, an Executive Order issued by President Trump on…
EDPB ePrivacy Guidelines: Comments Highlighting Risks to Businesses with Digital Activities

Keller and Heckman has submitted comments to the European Data Protection Board (EDPB) in the context of a public consultation on their draft guidelines 2/2023 on the Technical Scope of Art. 5(3) of ePrivacy Directive, on behalf of various organisations that wished to contribute in a meaningful manner without drawing attention to their identity.…
AI Regulation: The Next Frontier



As the federal government continues to wrestle with the complex issue of regulating Artificial Intelligence (AI) in the wake of the release of President Biden’s Executive Order, states have already proposed or enacted AI regulation, and even more will attempt to tackle the issue in 2024. Two recent developments in AI regulation from California…
Why every company with digital activities should comment on the EDPB’s new ePrivacy guidelines

So much for tackling consent fatigue. The short version: If unchanged, the new EDPB guidelines on what is known as the “cookie” rule would extend that rule to cover nearly every communication over the Internet and any use of software on a computer. Your business is probably more impacted than you might think, and it…
CA Court Blocks Enforcement of Controversial Children’s Online Privacy Law

On September 18, 2023, the United States District Court for the Northern District of California granted a preliminary injunction to NetChoice, a tech umbrella group, against California Attorney General Rob Bonta from enforcing the California Age-Appropriate Design Code Act (CAADCA). The court found the CAADCA, which was slated to take effect on July 1, 2024…
Ninth Circuit Affirms State Privacy Law Claims Not Preempted by COPPA



On July 13, 2023, a three-judge Ninth Circuit panel denied Google’s challenge of its earlier decision in Jones v. Google, which held that state privacy law claims in a putative class action are not preempted by the federal Children’s Online Privacy Protection Act (COPPA). The December decision reversed a lower court’s dismissal of the…
Contract as Legal Ground? New CJEU Ruling Creates Risks Re Personalisation


What kinds of processing are necessary for the performance or conclusion of a contract?
This is one of the questions the Court of Justice of the European Union (CJEU) was asked to examine in case C-252/21 between Meta Platforms and the German Federal Cartel Office, in which it delivered a judgment on July 4th…
Soon Higher GDPR Fines in Belgium? Court Decision Paves Way for Public Fining Methodology

Until now, fines by the Belgian Data Protection Authority (BDPA) had, compared to its neighbouring countries (France, Luxembourg, and the Netherlands), appeared on the low side in absolute numbers.
Last year we carried out an analysis of over 300 fines related to (alleged) infringements of the General Data Protection Regulation (GDPR), including the top 250…