On September 16, 2025, the European Commission opened a call for evidence to inform a forthcoming “Digital Omnibus” aimed at simplifying and reducing administrative burden across the EU’s data, cybersecurity and AI regulatory frameworks. The initiative sits within the Commission’s simplification agenda and its headline target to cut administrative burden by at least 25% overall (35% for SMEs).
As 2024 comes to a close, permutations in the arena of name, image and likeness (NIL) impacting collegiate athletics continue unabated.
Most prominently, Northern District of California District Judge Claudia Wilken preliminarily approved the proposed settlement agreement to resolve the trio of pending antitrust cases known colloquially as Carter, House, and Hubbard. While a number of judicial hurdles must be cleared before the settlement is finalized and implemented, Judge Wilken’s ruling is a significant step toward a new system of rules and athlete compensation for collegiate athletics.
The latest trend in generative AI is the rise of “AI Assistants” or “Chatbots.” These tools are increasingly trained on internal company data to interact directly with consumers and aim to improve customer service by generating responses on behalf of the organization. However, this brings new legal challenges, especially regarding data privacy. Because “biometric” data or information is often broadly defined, compliance with privacy regulations becomes critical when chatbots and AI agents use voiceprints, cameras (capturing or processing hand or facial geometry) or other sensors to provide a personalized service. Companies should implement safeguards to meet legal requirements, avoid penalties, and secure insurance coverage to mitigate financial risks related to compliance with data privacy laws and regulations.
Moments before former President Donald Trump took to the stage at a Montana rally this August, Celine Dion’s 1997 hit, “My Heart Will Go On,” blasted over the speakers while a clip appeared onscreen. It took less than 24 hours for the five-time Grammy winner’s team and Sony Music Entertainment Canada to issue a statement on social media saying that “in no way is this use authorized, and Celine Dion does not endorse this or any similar use.” Amid a heated political season, it’s not unusual for candidates to clash with the artists whose music they promulgate on the campaign trail. In Trump’s case, though, using a video compounded the legal complications. While political licensing for music typically needs approval from the recording artist, video playback requires approval from both the artist and composer. In theory, this fact would make it less risky for campaigners to stick with audio-only soundbites of their favorite crowd-pumping tunes. However, there are still questions around general music licensing dos and don’ts when it comes to politics, even as performing rights groups work to clarify things. For now, the intersection of artists’ rights and political campaigns remains a murky legal crossroads, at best.
Global music superstar Taylor Swift began her music career in Nashville, so we thought it fitting that on July 1, with the end of the Eras Tour in sight, the Ensuring Likeness Voice and Image Security (ELVIS) Act went into effect in Tennessee. This marks the latest front in the effort to navigate the interplay between the capability of generative AI and the Right of Publicity for music and voice artists alike.
A new report issued in May 2024 by the Centre for European Policy Studies (CEPS), an independent thinktank, is the latest development to cause concerns over the EU-U.S. Data Privacy Framework (DPF), predicting that it will likely fail if challenged before the Court of Justice of the European Union (CJEU).
On May 23, the House Subcommittee on Innovation, Data and Commerce advanced out of committee the American Privacy Rights Act (APRA), a draft piece of legislation to establish a federal data privacy standard in the United States. The legislation now moves to the full Energy and Commerce Committee for markup. Several changes were made in the draft legislation during the markup process, but the section containing a groundbreaking set of private right of action remains unchanged.
In the Cybersecurity Law Report, colleagues Jeewon K. Serrato, Shruti Bhutani Arora and Christine Mastromonaco discuss the details of the APRA’s private right of action, the remedies available to individuals and the preemptive effect of the APRA.
Click here to read the full article.
(The Consumer Protection Dispatch summarizes industry news and updates on emerging issues involving a variety of consumer protection issues including, but not limited to, data and AI.)
This week’s edition includes latest developments relating to AI laws passed by Colorado, Tennessee and Utah, U.S. Senate bipartisan working group on AI, a new privacy bill from Vermont and a new privacy law from Maryland, a new Colorado law protecting neural data, and updates from the California Privacy Protection Agency.
Developments in the world of name, image and likeness (NIL) rights continue to occur at an extremely swift pace.
Within the last two weeks, Virginia amended its existing NIL laws to significantly strengthen student-athlete NIL rights, and the NCAA adopted new NIL rules designed to allow schools to support student-athlete NIL endeavors. The NCAA also relaxed the NIL disclosure requirement adopted in January and announced it had selected Teamworks Innovations to build and maintain its NIL database.
Electronic identification and trust services (eIDAS) refer to a range of services that include verifying the identity of individuals and businesses online and verifying the authenticity of electronic documents. Since 2014, such services provided in the EU have been subject to the eIDAS Regulation, which aimed to create a predictable regulatory environment across the EU and ensure that interoperability across different EU Member States. The eIDAS Regulation’s complexity, inflexibility and perceived limitations resulted in limited adoption, while the COVID-19 pandemic simultaneously fueled an increased demand for electronic identification. Consequently, the European Commission committed to revising the eIDAS Regulation to establish an EU-wide attribute-based electronic identity framework, incorporating a government-issued digital identity wallet to eliminate the dependence on commercial authentication providers.
Internet & Social Media Law Blog