Mar. 26, 2025

Navigating Global Privacy Control’s Not-So-Simple Implementation

Soon, nine states will require websites to honor consumers’ broadcasted requests to opt out of all sharing of their personal data with the global privacy control (GPC) or a similar universal opt-out mechanism. GPC, a browser-based setting for consumers to automatically opt out, is said to be simple for consumers to use, simple for companies to implement and simple for regulators to check. But it turns out to have several complexities for companies, underscored by a new study of 11,000 sites revealing that many of them did not translate GPC into opt-out signals. This article goes behind the findings and looks at the GPC’s pitfalls, including misconfigurations, privacy signal system glitches, the ease of consent fraud and issues in due diligence, with insights from an original developer of GPC and experts at Moritt Hock, Neal Gerber & Eisenberg, the Network Advertising Initiative, Orrick and Raptive. See “Why Companies Unintentionally Fail to Honor Opt-Outs” (Aug. 16, 2023).

Implications of the Trump AI Executive Order

After rescinding former President Joe Biden’s AI executive order (Biden EO) in his first week in office, President Trump issued his own executive order (Trump EO), which calls for a new federal AI Action Plan that focuses on reducing regulation and prioritizing innovation. In this guest article, ZwillGen attorney Jey Kumarasamy explores the potential impacts of the revocation of the Biden EO, including the fate of voluntary guidelines and the de-emphasis of risk management, and delves into what to expect from the AI Action Plan that will be developed under the Trump EO, highlighting the new administration and industry’s latest comments on AI. See “How the 2025 Cybersecurity Executive Order Affects Business” (Feb. 5, 2025).

Rethinking Click-Through Training: The Pluses and Minuses

Online, prerecorded and asynchronous trainings that can be delivered to a broad audience that only has to click through screens and multiple-choice tests to complete, often referred to as “click-through training,” has become a staple (and sometimes a bane) of corporate compliance programs. This first article in a three-part series explores the advantages, evolution and criticisms of click-through training, and strategies for improving its effectiveness. The second article will focus on customizing content of click-through training to ensure it is engaging and relevant, as well as strategies for measuring and improving its effectiveness. The third article will address integrating click-through training into a broader training program and explore how to choose the right vendor. See “Go Phish: Employee Training Key to Fighting Social Engineering Attacks” (Aug. 9, 2023).

Morgan Lewis Bolsters Cybersecurity and Privacy Practice With Two New Partners

Morgan Lewis has expanded its cybersecurity, incident response, privacy and information management practice with the addition of partners Heather Egan and Hannah Levin. Egan and Levin both arrive from Orrick. For insights from Egan, see “Privacy Resolutions for 2022” (Jan. 19, 2022). For commentary from Morgan Lewis, see our three-part series on the DOJ’s 2024 edits to the ECCP: “Some History and AI Expectations” (Nov. 6, 2024), “Data Analytics to Find Risks and Measure Effectiveness” (Nov. 20, 2024), and “Speaking Up, Compliance Resources and Lessons Learned” (Dec. 11, 2024).

FBI Official Joins Robinson Bradshaw

Former federal prosecutor and recent FBI Deputy Chief of Staff William Miller, who advised the bureau’s leadership on significant cyber threats, has joined Robinson Bradshaw as co-chair of its government and internal investigations group, and as a member of the cybersecurity and privacy practice group.