Litigation based on the use of tracking cookies and similar technologies, brought under various federal and state wiretap and other privacy laws, has increased steadily over the past several years. While most litigation to date has involved for-profit businesses, a proposed class action lawsuit against a non-profit college was recently settled after surviving a motion to dismiss. Colleges and universities should review the tracking cookies and similar technologies installed a

On August 1, 2025, the PRC Supreme People’s Court issued the Interpretation II on Issues Concerning the Application of Law in the Trial of Labor Dispute Cases, which establishes uniform legal standards in several employment situations that have raised questions in recent years, including the employment relationship in affiliation arrangements, foreign employees, double wages, and two consecutive fixed-term contracts. U.S. institutions with an RO or WFOE in the PRC should revi

On September 11, 2025, the Cyberspace Administration of China released the Measures for Cybersecurity Incident Reporting, which clarify the specific requirements for network operators regarding cybersecurity incident reporting. The Measures require network operators to report certain incidents within one to four hours, depending on the type of entity involved.   On September 11, 2025, the Cyberspace Administration of China (“ CAC ”) released the Measures for Cybersecurity Inc

Following a December 29, 2025 notice published by the Cyberspace Administration of China, institutions that handle personal information of children in China must report on their handling activities by January 31 each year (starting January 31, 2026); Several recently effective U.S. state comprehensive data privacy laws impact whether/how institutions may engage in targeted advertising to minors; The same U.S. state laws also impact whether/how institutions may “sell” minors’

China’s Ministry of Public Security (“MPS”) penalized Dior Shanghai for breaching personal information protection obligations, following an investigation into a data breach incident. MPS identified the following violations during the investigation: failure to implement a cross-border transfer mechanism; failure to fully inform data subjects about how their personal information would be handled by an overseas recipient; failure to obtain separate consent for cross-border trans

On August 2, 2025, provisions of the EU AI Act addressing large “general-purpose AI” (GPAI) models took effect. The provisions include transparency and copyright compliance obligations for all GPAI models and heightened safety and security obligations for GPAI models with “systemic risk.” For institutions of higher education adopting and using AI tools powered by large GPAI models, these provisions will likely produce useful information for conducting due diligence and framin