It was an AI-heavy news cycle in the privacy world this past month, as artificial intelligence made numerous headlines. Another great reminder to maybe think twice before giving AI all your information and asking it to draw a picture of you dressed as Thor fighting Orcs in Middle-earth with a light saber… which is a shame, because that would be awesome.
P.S. This month, we interviewed attorney Matthew Baker on the recent decision by the European General Court affirming the EU-US Data Privacy Framework. You can listen to this insightful episode of Privacy Lawls here. Now for the news!
Table of Contents
What’s new in privacy?
Below are some of the most notable news in privacy from this month:
- Consumer advocacy group urges OpenAI to pull Sora app over privacy concerns. The nonprofit consumer advocacy group Public Citizen demanded that OpenAI withdraw its video-generation software Sora 2 after the app sparked fears about the spread of misinformation and privacy concerns. The nonprofit claims that the app can lead to the proliferation of non-consensual images and realistic deepfakes and that this can lead to harassment. Learn more here.
- Europe proposes changes to GDPR and AI Act. The new proposal would make it easier for companies to share anonymized and pseudonymized personal datasets and would allow AI companies to use personal data to train AI models. Learn more here.
- Google phases out the Privacy Sandbox. After six years of the Privacy Sandbox, Google has confirmed that it will stop exploring alternatives to cookies and that there are no viable alternatives to cookie tracking. Read more here.
- Children and Teens’ Online Privacy Protection Act proposed. The bill would revise and strengthen COPPA, by introducing stricter rules regarding how online services collect and manage personal information from minors, requiring clear and verifiable consent, implementing reporting and assessment requirements, and more. Read more here.
- Europe fines Apple 150 million Euros over privacy feature. France’s Competition Authority has fined Apple alleging that the App Tracking Transparency feature was actually anticompetitive behavior disguised as user and privacy protection. Learn more here.
- Pennsylvania representative seeks to protect drivers from license plate reader sharing. After the Flock investigation, one Pennsylvania representative is looking to prevent law enforcement from sharing automated license plate reader information. The representative stated that the systems pose a serious threat to the rights and privacy of American drivers. Read more here
- Privacy and compliance remain concerns for AI adoption. A recent poll by SSN News found that 75% of respondents stated that their largest concern with deploying agentic AI in security environments is linked to data privacy and compliance risks. Read more here.
- AU $5.8 million penalty issued for data breach. The Federal Court of Australia recently issued a penalty of AU $5.8 million to Australian Clinical Labs Limited for systemic failures that led to the unauthorized access and exfiltration of the sensitive personal information of more than 223,000 individuals. Learn more here.
- Delaware and Maryland privacy regulators issue insights into enforcement. Delaware will be prioritizing easily identifiable violations such as failure to list privacy rights in Privacy Policies and outdated Privacy Policies. Delaware plans on looking closely at connected televisions and leveraging technology experts when determining which companies should be investigated. Read more here.
- Oklahoma updates breach notification law. Oklahoma’s SB626 revises the state’s breach notification law by expanding the definition of personal information, introducing a regulatory notice requirement, and updating safe harbor exemptions. Learn more here.
What privacy bills are we tracking?
As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.
- Illinois – IL SB52;
- Illinois – IL HB3041;
- Maine – ME HB710/HB1088;
- Maine – ME HB1220;
- Massachusetts – MA SB33;
- Massachusetts – MA HB104;
- Massachusetts – MA SB2608;
- Massachusetts – MA SB2619;
- Massachusetts – MA HB4746;
- New York – NY S4276;
- New York – NY AB5827;
- New York – NY AB974;
- New York – NY AB4947;
- North Carolina – NC – HB462;
- North Carolina – NC – SB757;
- Pennsylvania – PA HB78;
- Pennsylvania – PA SB112
Events
Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals:
- Between privacy and employer power: managing employee data in the digital and AI era – December 3, 2025;
- FTC privacy enforcement: current landscape and key updates – December 10, 2025;
- Children’s privacy and protection in the era of digitalization – December 15, 2025.
Conclusion
That’ll do it! Thanks for reading and we will catch you next year! Unless AI destroys us all before then. I hope that Middle-earth, Marvel, and Star Wars crossover photo was worth it…
