Privacy & Data Security

Subscribe to Privacy & Data Security via RSS

The rapid expansion of biometric technologies in sports has created both significant opportunities and complex legal challenges. The proliferation of wearable devices and data collection tools has ushered in what amounts to a “gold rush” for athletes, teams, universities, and companies seeking to use or commercialize biometric data. Heart rate variability, fatigue indicators, movement efficiency, and other performance metrics are increasingly captured in real time and treated as valuable commercial assets.

On July 9, 2025, the Department of Justice (“DOJ”) commenced enforcement of its new Data Security Program (“DSP”) to prevent foreign adversaries from accessing sensitive U.S. data. Created earlier this year, the program seeks to prevent China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela (collectively, the “Countries of Concern”), as well as foreign entities or individuals with significant ties to these nations, from gaining access to U.S. government-related data and certain categories of U.S. sensitive personal data. Importantly, the rules apply “regardless of whether the data is anonymized, pseudonymized, de-identified or encrypted.” According to the DOJ, the threat of foreign adversaries collecting and weaponizing U.S. data had become “increasingly urgent, and ensuring prompt compliance with the DSP’s requirements is critical to addressing the administration’s priorities and stopping the flow of U.S. sensitive personal data and government-related data to countries of concern.” The seriousness of any infraction is reflected in the program’s steep civil and criminal penalties. Violators of the DSP could be subject to fines up to $368,136 per violation, or twice the value of each transaction in violation, whichever is greater. Willful violators could face imprisonment of up to 20 years and a $1 million fine.

Each year, upwards of 100,000 music fans pay up to $599 for the ticket price of weekend-long admission to the Coachella Music and Arts festival outside of Palm Springs, California. In 2025, however, nearly 60% of Coachella’s general admission ticket buyers turned to an increasingly ubiquitous short-term loan service to finance the steep cost of admission: Buy Now, Pay Later (“BNPL”). BNPL financial services typically allow consumers to split purchases into four or fewer interest-free installments, often without a traditional credit check. The organizers of Coachella, for example, partnered with a ticketing provider AXS to provide BNPL options allowing festival attendees to purchase tickets for as little as $49.99 up front with the remaining costs due in installments over the next several months.

With great promise comes great scrutiny. As artificial intelligence (“AI”) has become part of industries’ and individuals’ daily repertoire, it has also come under focus by antitrust regulators. The DOJ, in its so-called “Project Gretzky,” is gearing up with data scientists and others to be a tech-savvy version

Making do on its promise to “use every tool” in its arsenal to regulate artificial intelligence (‘AI”), the Federal Trade Commission (“FTC”) unanimously approved a resolution on November 21, 2023 authorizing the use of compulsory process in non-public investigations involving AI-related products and services. 

In a recent public comment addressed to the United States Copyright Office, the Federal Trade Commission seemingly expanded upon remarks made at the National Advertising Division back in September that it will aggressively and proactively challenge alleged unfair practices involving artificial intelligence, even if that means stretching the meaning of “unfair” to increase its jurisdiction over such matters.

This year has seen a tremendous spike in the number of cases alleging violations of the Video Privacy Protection Act (“VPPA”), 18 U.S.C. § 2710, a statute enacted in 1988 in response to the Washington City Paper’s publication of a list of films that then-Supreme Court nominee Robert Bork had rented from a video store. The statute was originally intended to “allow[] consumers to maintain control over personal information divulged and generated in exchange for receiving services from video tape service providers.”

While speaking at the annual conference of the National Advertising Division on September 19, 2023, the Federal Trade Commission (“FTC”) announced a generative AI (“AI”) policy that is consistent with Chairwoman Khan’s focus on the perceived harms to consumers from large technology companies, fully embracing a plan to regulate AI swiftly, aggressively, and proactively. 

The agency began its remarks on AI by observing that its purported policy decision to allow technology companies to self-regulate during the “Web 2.0” era was a mistake. Self-regulation, according to the FTC, was a failure that ultimately resulted in the collection of too much power and too much data by a handful of large technology companies.