Welcome to the July edition of Must-know moves in data regulation. Each month, we break down the regulatory and legal developments shaping the data landscape and offer practical takeaways to help you stay ahead in a fast-moving environment.

WHAT TO WATCH

• Web-scraping and data sourcing remain in legal grey territory: Recent settlements and litigation highlight that this space is especially uncertain given all the back and forth generated by pending AI litigation over data ownership, model training, and copyright. Data buyers and providers should expect more debate before clear answers are established.
• App ecosystem and minor verification laws drive new compliance needs: Statutes in Texas, Louisiana, and Utah impose stricter requirements for age verification, parental consent, data minimisation, and transparency in apps accessible to minors. These laws are particularly significant as many minors can bypass rudimentary verification, and compliance now means revisiting technical and disclosure practices across major app marketplaces.
• Litigation continues to shape rules for AI model training: While courts recently favoured Anthropic and Meta, the opinions stress that ‘fair use’ defences are fact-dependent and ongoing litigation or appeals could shift the landscape again.
• Vehicle/driver data litigation and regulatory actions aren’t over yet: The Nebraska suit against GM and OnStar may be a sign that telematics and vehicle-generated data could remain a hotspot for consumer privacy claims and state-level enforcement. We would look out for more cases on the horizon.

REGULATORY RIB-TICKLER

Why did the app store developer break up with their data minimisation protocol?

Because it was collecting too many feelings!