Mar. 26, 2025

Navigating the Complexities of Global Privacy Control

Soon, nine states will require websites to honor consumers’ broadcasted request to opt out of all sharing of their personal data with the global privacy control (GPC) or similar universal opt-out mechanisms. GPC, a browser-based setting for consumers to automatically opt out, is said to be simple for consumers to use, simple for companies to implement and simple for regulators to check. But it turns out to have several complexities for companies, underscored by a new study of 11,000 sites revealing that many of them did not translate GPC into opt-out signals. This article goes behind the findings and looks at GPC pitfalls, including misconfigurations, privacy signal system glitches, the ease of consent fraud and issues in due diligence, with insights from an original developer of GPC and experts at Morritt Hock, Neal Gerber & Eisenberg, the Network Advertising Initiative, Orrick and Raptive. See “Why Companies Unintentionally Fail to Honor Opt-Outs” (Aug. 16, 2023).

Implications of the Trump AI Executive Order

CSLR Summary

After rescinding former President Joe Biden’s AI executive order (Biden EO) in his first week in office, President Trump issued his own executive order (Trump EO), which calls for a new federal AI Action Plan that focuses on reducing regulation and prioritizing innovation. In this guest article, ZwillGen partner Jey Kumarasamy explores the potential impacts of revocation of the Biden EO, including the fate of voluntary guidelines and the de-emphasis of risk management, and delves into what to expect from the AI Action Plan that will be developed under the Trump EO, highlighting the new administration and industry’s latest comments on AI. See “How the 2025 Cybersecurity Executive Order Affects Business” (Feb. 5, 2025).

Rethinking Click-Through Training: The Pluses and Minuses

Online, prerecorded and asynchronous trainings that can be delivered to a broad audience that only has to click through screens and multiple-choice tests to complete, often referred to as “click-through training,” has become a staple (and sometimes a bane) of corporate compliance programs. This first article in a three-part series explores the advantages, evolution and criticisms of click-through training, and strategies for improving its effectiveness. The second article will focus on customizing content of click-through training to ensure it is engaging and relevant, as well as strategies for measuring and improving its effectiveness. The third article will address integrating click-through training into a broader training program and explore how to choose the right vendor. See “Go Phish: Employee Training Key to Fighting Social Engineering Attacks” (Aug. 9, 2023).

FBI Official Joins Robinson Bradshaw

Former federal prosecutor and recent FBI Deputy Chief of Staff William Miller, who advised the bureau’s leadership on significant cyber threats, has joined Robinson Bradshaw as co-chair of its government and internal investigations group, and as a member of the cybersecurity and privacy practice group.