Robot.txt file is not a technological barrier.
Judge Sidney H. Stein of the Southern District of New York issued a remarkable ruling in the OpenAI copyright litigation relating to web scraping and AI training practices. In partially granting OpenAI’s motion to dismiss claims brought by digital publisher Ziff Davis, the court delivered a significant holding: robots.txt files do not constitute ...
California is rolling out two significant regulatory packages that will reshape business obligations under California privacy law beginning January 1, 2026. Together, these regulations introduce comprehensive automated decision-making requirements, mandatory cybersecurity audits, risk assessments, and a centralized consumer deletion mechanism for data brokers.
Automated decision-making technology
The updated CCPA regulations establish extensive requirements for businesses using “automated decision-making technology” (ADMT), ...
The European Data Protection Board (EDPB) has published and opened for public comments new recommendations addressing the widespread practice of requiring users to create accounts before browsing or purchasing on e-commerce websites. The guide concludes that mandatory account creation can be lawfully justified only in narrow circumstances.
EDPB recommendations for eCommerce sites
The EDPB systematically analyzed the three legal bases ...
As 2026 begins, several significant legislative developments are reshaping the legal landscape governing artificial intelligence, digital identity, and data protection across the United States and European Union.
New York enacts AI transparency requirements for advertising.
Governor Hochul signed two related bills addressing synthetic media and digital replicas in commercial contexts. Senate Bill S8420A requires advertisers to conspicuously disclose when ...
The Israeli Minister of Defense issued a new set of regulations to repeal the decades-old ministerial order on the supervision of encryption (referred to as the “Cipher Order”).
This legislative shift is rooted in a fundamental change in regulatory thinking, acknowledging the widespread integration of encryption products and the expansion of the networked environment. Consequently, the historic need for comprehensive ...
Recent enforcement actions across three major data protection and digital services regimes demonstrate that regulators on both sides of the Atlantic are increasingly willing to impose substantial penalties for non-compliance. From France to California to Brussels, companies face mounting consequences for violating privacy and transparency obligations.
EU Commission fines X.
In the most high-profile action, the European Commission on December ...
August 2, 2026, marks a key application date for the EU AI Act, when the regulation’s core framework becomes broadly operational.
High-risk systems under the EU AI Act
According to the EU AI Act’s Article 113, this date triggers the application of most provisions not already in force, including the comprehensive requirements for high-risk AI systems listed in Annex III. ...
The judgment of the UK High Court in the case of Getty Images v Stability AI outlines the proceedings in a high-stakes intellectual property dispute filed by Getty Images and its affiliated companies against Stability AI Limited. The lawsuit accuses Stability AI of both trademark infringement and secondary copyright infringement relating to its powerful generative art model, Stable Diffusion.
Much ...
New user? Click here to register