Key Priorities for 2025
Issues to consider in allocating your budget
Regulators and legislators have signaled that there are some key privacy and advertising issues to be sure to get right this coming year. To help you allocate your legal/compliance budget, we asked our team “What is one legal issue (or to do item) to prioritize in 2025?” Here are their answers:
CHILDREN YOUNGER THAN 18 (from Justine Young Gottshall): This is the top privacy compliance issue of 2025. We now have laws in effect and several more coming that significantly regulate the collection and use of data for anyone younger than age 18 (and in some cases 16 or 17). The spotlight is on minors and I anticipate regulation will continue to grow.
DONATIONS (from Heather Nolan): Find out whether your organization offers to make a donation in connection with someone’s behavior (“round up your purchase”, “follow us and we’ll donate”), and consider your compliance requirements. California’s new law and regs are in effect and they extend to offers that haven’t before been covered. And an even broader law in Hawaii is slated for 2026.
WEBSITE TRACKING (from Chloe Nelson): Given the recent warnings and guidance from regulators on the use of website tracking technologies, businesses will need to do more than simply put up a cookie banner. Businesses should take steps to properly manage their cookies and tags and avoid using common dark patterns in presenting privacy choices. Failing to honor consumers' privacy choices in 2025 is more likely than ever to result in regulatory action, fines, and reputational harm.
ARTIFICIAL INTELLIGENCE:
(from Dhara Shah) It is no surprise that AI will continue to be the hot topic both in the headlines and for companies in 2025. This past year, states across the US set the stage for the influx of AI-related regulations that will shape the industry, with California leading the pack - expect this to continue into the new year. This means businesses will need to be intentional in balancing regulatory requirements (policies, assessments, & more!) with ethical considerations as they continue to adopt and build AI tools. 2025 will also bring us global AI considerations, including the EU AI Code of Practice, which will provide rules under the EU AI Act.
(from Tatyana Ruderman) And, when adopting AI tools, businesses should evaluate carefully before allowing AI vendors to access their data sets, including to ensure they will only use the data as intended and support you in complying with AI laws and regulations.
(from Rosanne Yang) Finally, expect much more exploration in the courts and through legislative action regarding intellectual property issues connected with the creation and use of AI. Businesses should ensure that their contracts and employees are clear on permitted and prohibited uses, as well as disclosures to the business regarding use, to help navigate upcoming changes and clarifications in the law.
8 CONSUMER PRIVACY LAWS GOING INTO EFFECT IN 2025 (from Larisa Kupinszky Gamberg): In 2025, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, and Maryland will implement consumer privacy laws, with five of these laws taking effect in January alone. Businesses subject to these laws will need to act quickly to update their privacy notices and data subject request processes to account for these changes. Some notable nuances among these statutes include Delaware’s applicability to non profits organizations and HIPAA covered entities, and Minnesota’s data inventory mandate.
THE LONE STAR RISES AND ENFORCEMENT OF EXISTING STATE COMPREHENSIVE PRIVACY LAWS (from Max Landaw) While there are many new state privacy laws which are taking effect, businesses need to be aware of which states are making enforcement of such laws a priority. Recently, Texas has shown itself to rival California as the state that is placing the most emphasis on privacy enforcement. Texas passed the Texas Privacy and Data Security Act (TDPSA) which became effective in July 2024. The attorney general of Texas has used this law and a number of other more narrow laws to investigate businesses regarding the sale of driver data, misuse of minor personal data, improper use of biometric data, and so on. If your business offers its products or services in Texas, you will want to make sure you have the TDPSA on your mind as Texas has shown an eagerness to investigate violations of this young law.
GOVERNANCE (from Foram Dmytryk) - As businesses grapple with the pressure to adopt new technologies while navigating a complex legal landscape, the need to have a formalized governance program is critical especially around areas that are subject to enforcement such as use of AI, sensitive data, loyalty program etc. The benefits of having such governance will exceed beyond simply meeting legal requirements to sparking internal conversations within teams to drive innovation and win consumer trust.
THIRD PARTY CERTIFICATION, particularly in relation to environmental claims (from Mindy Abern) Third-party certification does not eliminate a marketer’s obligation to have substantiation for all claims reasonably communicated by the certification. Because it is highly unlikely that marketers can substantiate general environmental benefit claims, marketers should not use environmental certifications or seals that do not convey the basis for the certification.
GREEN MARKETING, especially RECYCLING, CARBON CLAIMS, ASPIRATIONAL CLAIMS (from Sophia Allen) Speaking of environmental claims, take a fresh look at your materials to see what green claims your business is making. Are you making claims about the recyclability of your products? How about carbon emissions? Have you accounted for your company’s use of AI when crafting your aspirational claims? We expect that regulators and consumers alike will continue paying close attention to these issues in 2025.
MADE IN USA (from Mindy Abern) Marketers are subject to civil penalties if they use an unqualified Made in USA label on a product that is not “all or virtually all” made in the U.S., including claims made online. Many factors including assembly, processing, and ingredients determine whether something is “all or virtually all” made in USA.
SUBSCRIPTION COMPLIANCE (from Sara Chubb) - The FTC’s Click to Cancel Rule comes into effect in 2025 and California and Minnesota enacted more stringent auto-renewal laws in 2024. At a high level, the laws require affirmative consent to the autorenewal offer and simple cancellation methods that avoid “dark patterns” and significantly limit “save attempts,” among other requirements. Expect the FTC and regulators in these states to begin enforcement of these new requirements in 2025.
PRICE ADVERTISING & “JUNK FEE” LAWS (from Ben Stein) - While the final junk-fee rule ultimately adopted by the FTC in December applies only to live-event ticket sales and short-term lodging, companies in other industries are not out of the woods. California and Minnesota already have their own broader laws that require an advertised price to generally include all mandatory charges (excl. tax and shipping - but not handling). CA’s law notably includes a private right of action and statutory damages of $1000 per violation. Business should review their price-advertising practices accordingly and – with the FTC’s final rule significantly narrower than originally proposed – anticipate that other consumer-friendly states may follow CA and MN’s lead in 2025.
REAL MONEY GAMING (RMG) COMPLIANCE (from John Allaire) We are likely to see increased enforcement from State Attorneys General and State Gaming Commissions, especially in areas like fantasy sports and sweepstakes casinos. As gaming regulatory frameworks continue to evolve, businesses outside the gaming sector, such as marketers and platform providers, must also take note. Partnering with RMG operators could trigger licensing and regulatory requirements, and non-compliance with state-specific laws can lead to severe penalties. Before doing business in the space, companies need to thoroughly understand the RMG legal landscape in order to mitigate risk.
Calling and Texting Compliance (from Brian Schaller). We foresee continued uncertainty and litigation related to calling and texting regarding the Federal Telephone Consumer Protection Act (TCPA) and the state statutes regulating to the same (mini-TCPAs), this includes the Supreme Court again slated to weigh in on the TCPA. The decision could have significant effect on litigation. In the face of this, we recommend that businesses evaluate calling and texting practices to ensure compliance.
Influencers + Music Will Continue to Confound Brands (from Jamie Rubin). The story is becoming common, but the demands and lawsuits are continuing. Moreover, the dollars at issue are growing. Brands launch social media campaigns and engage one or many influencers as an integral part of the execution. Influencers are given some leeway with their content creation and use music that is “available” on social media platforms for their brand posts. Some music that is available on a platform is indeed cleared for use in ads, and that music is offered in a special catalog on the platform. The rest of the music floating around on the platform is not part of that cleared catalog. Confusion abound! Record labels intend to hold brands accountable for what their influencers do with the labels’ music, and thus far, labels are demanding in the 8 and 9 figure range for that alleged unauthorized use. Copyright Law in the U.S. supports those demands. In other words, these aren’t nuisance demands or lawsuits. Given the money at stake, this is a major liability issue for brands to tackle as we go into 2025.
Originally published by InfoLawGroup LLP. If you would like to receive regular emails from us, in which we share updates and our take on current legal news, please subscribe to InfoLawGroup’s Insights HERE.