Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe.
To read more issues of Katten's Privacy, Data and Cybersecurity Quick Clicks, please click here.
Byte-Sized Protection: Keeping Kids Safe Online, One Risk Assessment at a Time
By Terry Green
On April 24, the UK Office of Communications (Ofcom) published a major policy statement containing six volumes and eight finalized guidance as part of its Phase 2 implementation of the Online Safety Act (OSA) for protecting children from harm online. Given the media coverage and Ofcom's policy statement, the protection of children online is under even greater scrutiny than before. The protection of children on the internet has been a huge focus in the media lately, from calls for protection of children online from bereaved parents travelling to the United States to calls from the Duke and Duchess of Sussex for more to be done to protect children online. Read more about the additional measures that will be implemented to keep kids safe online.
*Larry Wong, trainee in Katten's London office, contributed to this article.
US House of Representatives Pass the Take It Down Act
By Trisha Sircar
On April 28, the US House of Representatives voted 409-2 to pass S.146, the Take it Down Act. The bill aims to stop the misuse of artificial intelligence (AI) created illicit imagery and deepfake abuse. The bill will be enforced by the Federal Trade Commission (FTC) and requires online platforms to remove nonconsensual intimate imagery (NCII) within 48 hours of a request. The bill also makes it illegal for a person to "knowingly publish" authentic or synthetic NCII and outlines separate penalties for when the image depicts an adult or a minor. Read more about the Take It Down Act and criticisms from free speech advocates and digital rights groups.
Choose Your GenAI Model Providers, Models and Use Cases Wisely
By Michael Justus
Generative AI (GenAI) vendors, models, and uses cases are not created equal. Model providers must be trusted to handle sensitive data. Models, like tools in a toolbox, may be better suited for some jobs than others. Use cases vary widely in risk. When it comes to selection of GenAI model providers (e.g., tech companies and others offering models) and their models, due diligence is wise. However, once the appropriate provider and model are selected, the job is not done. Use cases must also be scrutinized, then policies and training reflecting enterprise risk tolerance should be implemented. Read more about tips for businesses using GenAI in their day-to-day operations.
Second Circuit Sets Precedent Limiting VPPA in Facebook Pixel Cases
By Ted Huffman
Over the past several years, class action litigants have flooded federal dockets with Video Privacy Protection Act (VPPA) cases against companies that embed Facebook's Pixel tool on their websites. The plaintiffs have generally claimed that Pixel improperly tracks and relays information about consumers' video watching habits and that the transfer of such data to Facebook violates VPPA's data privacy protections. The Second Circuit just turned the tide this month on that category of VPPA claims. In Solomon v. Flipps Media, Inc., the court held that an online video provider does not violate VPPA simply by disclosing PII if an "ordinary person" cannot readily identify a specific individual's video-watching behavior from the data disclosed. Read more about the "ordinary person" standard and why the decision is favorable for defendants.
Walking the Talk, Ofcom's Online Safety Act Enforcement
By Terry Green
Back in March 2025, we published an article highlighting that Ofcom will be turning up the heat to ramp up pressure on platforms in relation to their duties under the UK's OSA. There has been a flurry of activity from Ofcom on OSA compliance, and it appears that the heat has indeed been turned up. On May 9, Ofcom published that it has opened an investigation into two services regulated under Part 5 of the OSA, namely Itai Tech Ltd and Score Internet Group LLC. This investigation was initiated as part of Ofcom's January 2025 Enforcement Programme into age assurance. It appears that some services failed to respond to Ofcom's request in January 2025 and do not appear to have taken steps to implement measures in line with their duties under the OSA. Read about OSA enforcement.
*Larry Wong, trainee in Katten's London office, contributed to this article.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
