May 21, 2025

Texas AG’s Billion-Dollar Settlement With Google Highlights Biometric Data Use Compliance Considerations

Make room, Biometric Information Privacy Act. This month, the Texas AG used the state’s biometric law (CUBI) to help secure a $1.375‑billion settlement with Google, resolving two privacy complaints centered on the tech giant’s use of individuals’ biometric, geolocation and incognito-mode search data. CUBI allows $25,000 in damages per violation. The settlement, which echoes the billion-dollar settlement with Meta in 2024, highlights the AG’s broad interpretation of CUBI’s provisions. With insights from experts at Baker Botts, Blank Rome, Carter Ledyard & Milburn and Haynes & Boone, this article examines the circumstances surrounding the settlement, offers four biometric law compliance considerations, and discusses regulatory and litigation risk factors highlighted by the case. See “What Texas’ Record $1.4‑Billion Deal With Meta Portends for Biometric Data Capture and Use” (Aug. 21, 2024).

Update on Digital Governance in India and China

As the two largest economies in Asia, China and India have introduced, and continue to release, new laws and regulations concerning digital governance and trust, imposing comprehensive compliance requirements across data protection, privacy, cybersecurity and AI. Navigating challenges and finding practical solutions for compliance with those laws is essential for businesses. This article synthesizes insights offered during the IAPP Global Privacy Summit 2025 on China’s comprehensive regulatory regime, including its evolving approach to cross-border data transfers, India’s evolving data protection regime and ways for global organizations to navigate disparate local requirements. Speakers included attorneys from Dell Technologies, Persistent Systems, Volkswagen and Reed Smith. See “Navigating Recent Changes to China’s Data Privacy Laws in Internal Investigations” (Jun. 19, 2024).

Survey Finds Investment Managers Increasing Use of Alternative Data

As alternative data (alt data) becomes part of mainstream investing, investment professionals are seeking new data sources and enhanced analytical capabilities. A recent survey conducted by alt data platform BattleFin’s and its newly acquired alt data analytics platform, Exabel, assessed demand for alt data, data sources, key challenges associated with using alt data, resources, budgeting and management commitment to alt data. This article details the key findings from the BattleFin survey. See “AI Drives Rise in Private Funds’ Use of Alternative Data” (Mar. 20, 2024).

Former DHS Senior Official Joins Ropes & Gray’s Data, Privacy & Cybersecurity Practice

Ropes & Gray has welcomed Robert Silvers, former Under Secretary for Policy at the U.S. Department of Homeland Security, as co‑chair of the firm’s national security practice and a partner in its data, privacy & cybersecurity practice. He will be based in Washington, D.C., and Silicon Valley. For commentary from Silvers, see “Four Steps to Secure Open-Source Software After CSRB’s Log4j Investigation” (Sep. 7, 2022). For insights from Ropes & Gray, see our two-part series “DOJ Guidance on Bulk Sensitive Data Rules”: Enforcement Grace Period and Prohibited Transactions (May 7, 2025), and Compliance Program, Recordkeeping and Reporting (May 14, 2025).

Foley Welcomes Cybersecurity, Privacy and Technology Partner Duo to Chicago

Daniel Farris and Joe McClendon have joined Foley & Lardner as partners in the firm’s technology transactions, cybersecurity and privacy practice as well as its energy & infrastructure and innovative technology sectors in Chicago. The pair arrives from Norton Rose Fulbright. For commentary from Farris, see our three-part series on the keys to encryption: “Uses and Implementation Challenges” (Mar. 4, 2020), “Legal and Regulatory Framework” (Mar. 11, 2020), and “Effective Policies, Legal’s Role and Third Parties” (Mar. 18, 2020). For insights from Foley, see “Cyber Risks in Aviation: Navigating Turbulent Skies Ahead” (Mar. 22, 2023); and “Drafting Data and Cybersecurity Provisions in Third-Party Vendor Agreements” (Mar. 30, 2022).