Alston & Bird Privacy, Cyber & Data Strategy Blog

Texas Court Blocks Smart TV Data Collection

January 5, 2026 By Jennifer Everett, David Keating and Lili Song

A Texas state court has issued a temporary restraining order (“TRO”) blocking Hisense, a major Chinese smart TV manufacturer, from collecting data on the content viewers watch via Automatic Content Recognition (“ACR”) technology. Background The TRO follows lawsuits that Texas Attorney General (“AG”) Ken Paxton filed on December 15, 2025, against Hisense and four other smart TV manufacturers. The complaints allege unlawful business practices related to the collection and use of sensitive ACR … [Read more] about Texas Court Blocks Smart TV Data Collection

NYDFS Releases New Prescriptive FAQs on MFA

December 22, 2025 By Kim Peretti, Kate Hanniford, Lance Taubin and Carson Kuck

The New York Department of Financial Services (NYDFS) has released a new set of Frequently Asked Questions (FAQs 18–23) under 23 NYCRR Part 500, reinforcing its position that multifactor authentication (MFA) remains a critical component of a covered … [Read more] about NYDFS Releases New Prescriptive FAQs on MFA

How to Comply with the EU AI Act: Guidance from the Spanish AI Regulator

December 15, 2025 By Alice Portnoy and Wim Nauwelaerts

On December 10, the Spanish supervisory authority for the EU AI Act (Agencia Española de Supervisión de Inteligencia Artificial, or AESIA) published a set of 16 detailed guidelines and non-binding checklists (available online here in Spanish) … [Read more] about How to Comply with the EU AI Act: Guidance from the Spanish AI Regulator

New EU Regulation Clarifies Cybersecurity Rules for IoT Devices and Other ‘Products with Digital Elements’

December 10, 2025 By Paul Greaves, Wim Nauwelaerts and Kelly Hagedorn

On November 28 2025, the European Commission adopted a regulation implementing the Cyber Resilience Act (‘CRA’) – an EU-wide law which lays down cybersecurity requirements for companies that design and sell ‘products with digital elements’. PDEs can … [Read more] about New EU Regulation Clarifies Cybersecurity Rules for IoT Devices and Other ‘Products with Digital Elements’

California AG Announces $1.4 Million Settlement with Mobile App Provider for Alleged CCPA Violations

December 1, 2025 By Maki DePalo, David Keating and Hyun Jai Oh

On November 21, 2025, California Attorney General (AG) Rob Bonta announced a $1.4 million settlement with Jam City, Inc. (company), a mobile game app company, for alleged failures to enable in-app opt-outs from the sale and sharing of personal … [Read more] about California AG Announces $1.4 Million Settlement with Mobile App Provider for Alleged CCPA Violations