Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe.
To read more issues of Katten's Privacy, Data and Cybersecurity Quick Clicks, please click here.
FDA's AI-Powered Crackdown on Alleged Deceptive Drug Promotions
By Kate Hardey
On September 9, the US Food and Drug Administration (FDA) announced that it is launching a targeted initiative to combat deceptive drug advertising. According to the announcement, the FDA sent thousands of letters warning pharmaceutical companies to remove alleged misleading ads, in addition to approximately 100 cease-and-desist letters to companies with alleged deceptive ads. Notably, the announcement emphasizes that the agency will aggressively deploy its available enforcement tools and is already implementing artificial intelligence (AI) and other tech-enabled tools to proactively surveil and review drug ads. Read more about the initiative and planned rulemaking to address the "adequate provision" loophole.
The EU Data Act is Here
By Trisha Sircar and Anita Hodea
The European Union Data Act (EDA) took effect on September 12, 2025, after coming into force on January 11, 2024. It is set to reshape how companies handle data generated by connected products, smart devices and cloud services across Europe. Its goal is to create a fairer and more competitive digital economy by enhancing user rights, ensuring fair access to and sharing of data, and maintaining robust data protection safeguards. The EDA applies widely across industries, including both EU and non-EU organizations that manufacture or offer connected products across the European Union, process user-generated data within the European Union or provide data processing services to users in the European Economic Area. Read more about the EDA's applicability, key points and next steps for organizations to ensure compliance.
Ofcom Updates Guidance on Protecting People from Online Suicide and Self-Harm Material Amidst Investigation Into Suicide Forum
By Terry Green and Larry Wong
Four percent of UK internet users have encountered content promoting suicide in the last month, and children are also more likely than adults to encounter such content. The Online Safety Act (OSA) prohibits platforms from hosting content that "encourages or assists suicide," categorizing such content as illegal. The Office of Communications (Ofcom) has been empowered with a wide range of tools to combat this, including provisional notices of contravention, take-down orders, blocking orders, and fines of up to £18 million or 10 percent of global turnover. Read more about Ofcom's first formal investigation under the OSA of an unnamed suicide discussion forum accused of hosting illegal content.
New Texas Law on Storage of Health Care Data
By Lisa Prather and Brandon von Kriegelstein
Texas is imposing new rules for the storage of electronic health records (EHR). Recently enacted Senate Bill 1188 (SB 1188) requires that, as of January 1, 2026, any EHR under the control of a covered entity must be physically maintained in the United States (or a US territory). This requirement applies to all EHRs, regardless of whether they were created prior to January 1, 2026, and whether they are stored by a covered entity or by a third-party on behalf of the covered entity. The covered entity is also required to implement reasonable and appropriate administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of EHRs. Read more about the proposed legislation’s onshore storage requirements and penalties for violations of the new law.
