Technology Law and Data Privacy Updates

Latest News

Technology Law and Data Privacy Updates

Monthly Edition - April 2025

INDEX 

A. SUMMARY

B. NATIONAL UPDATES 

C. INTERNATIONAL UPDATES

United States of America

European Union

United Kingdom

Others

D. ABBREVIATIONS

SUMMARY 

Welcome to the latest edition of Fountainhead Legal’s newsletter!

As technology continues to transform how we live, work, and interact, the legal and regulatory landscape is rapidly adapting to keep pace. Around the world, Governments, regulators, and courts are acknowledging a pressing need to modernise outdated frameworks in response to emerging challenges—ranging from AI and digital finance to cross-border data governance and online abuse. This edition of the newsletter captures key legal and policy developments that reflect this global shift, spanning multiple sectors, jurisdictions, and technologies.

In India, the judiciary and executive are signalling sharper focus on digital governance. From the Supreme Court’s intervention on the regulation of obscene content on OTT platforms, to the Delhi High Court’s inquiry into WazirX’s crypto restructuring, courts are pushing for clearer accountability in the digital space. Parallelly, the Government is tightening its stance on online misinformation and deepfakes, expanding cybercrime oversight under the anti-money laundering law, and publishing the country’s first sector-specific cyber threat report for the BFSI sector—highlighting a commitment to institutional and technical resilience. Lastly, a new Aadhaar application has been introduced by the UIDAI promising enhanced user control over identity sharing, but also highlighting ongoing non-compliance with offline verification norms. This is a welcoming step specially after the Government’s decision of revamping the Aadhaar regulations in light of the DPDP Act. Our founder has also shared her views on regulatory changes in Aadhaar regulations.

Founder’s Comments – “One key issue is that the Aadhaar Act does not clearly define “personal data,” instead relying on limited terms like “identity information” and “authentication record.” This creates inconsistencies with DPDP Act, which provides broader and more contemporary definition. Another concern is that while Aadhaar allows users to withdraw consent, it does not require data processors to erase the data afterwards – a requirement explicitly stated in the DPDP Act.”

Rashmi Deshpande, pointed out that many of the entities involved in such processes are not licensed or monitored by UDAI, which raises concerns over consent, transparency and accountability.

“There are also issues around children’s Aadhaar enrolment. While the Aadhaar framework requires parental consent, it does not ensure that consent is verifiable, which is a mandate under Section 9 of the DPDP Act. These kinds of gaps are what the government seeks to resolve through the amendment process.”

ET Legal World (April 16, 2025)

Internationally, the United States has taken a landmark step with the passage of the ‘Take It Down’ Bill, aimed at combating AI-generated abuse and non-consensual intimate imagery. California has proposed a unified platform to simplify data deletion requests from data brokers, while the Florida Bar is urging legal professionals to adopt formal cyber incident response plans. Further, in a major development on the competition front, the court ruled that Google violated federal antitrust laws by entering into exclusionary agreements to set its search engine as the default across devices and browsers.

Meanwhile, the European Union’s regulatory enforcement under the digital competition regulations is reshaping platform accountability, with both Meta and Apple found in violation of user rights and digital market fairness regulations. France’s updates to its mobile application privacy guidelines, signalling towards clearer obligations for developers. Further, the UK’s new Cyber Governance Code for boards, and Ireland’s judgment clarifying employer liability for personal data on work devices—all point toward a maturing, multi-layered approach to digital governance.

Finally, China’s crackdown on the commercial exploitation of minors in online content reflects a growing global consensus: digital environments must evolve not only to foster innovation, but to protect the most vulnerable.

Together, these developments reflect a turning point in digital policy—where privacy, cybersecurity, competition, and ethics are no longer separate conversations, but part of a converging global framework. This newsletter offers a curated overview of how these shifts are taking shape—and what they mean for companies, legal practitioners, and regulators worldwide.

Fountainhead Legal is committed to supporting organizations on this journey. With our deep expertise in data privacy compliance and a strong understanding of regulatory nuances, we offer tailored solutions for each client’s unique needs. From drafting privacy policies and developing data protection frameworks to advising on cross-border data transfers and facilitating employee training programs, our team is equipped to guide clients through every stage of their compliance strategy.

We hope you enjoy our latest updates!

NATIONAL 

1. Court seeks Government’s Response on Regulation of Obscene Content on OTT Platforms[1]

The Supreme Court of India, in Uday Mahurkar & Ors. v. Union of India [Writ Petition (Civil) No. 313/2025], has taken cognizance of a Public Interest Litigation concerning the widespread availability of obscene and indecent content on OTT platforms and social media. The petition raises concerns over the lack of effective regulatory mechanisms to address content that may offend public decency or negatively influence societal values.

Acknowledging the seriousness of the issue, the court observed that the matter warrants careful examination and directed the Union Government to file its response. To ensure timely progress, the court also permitted the petitioners to serve notice through both the Central Agency and email.

This move signals increased judicial focus on digital content regulation. OTT platforms and content providers should closely monitor legal developments and consider reviewing their content moderation practices to ensure alignment with evolving regulatory expectations.

2. Court issued Notice to WazirX and Others including Government Over Alleged Unauthorised Crypto Restructuring [2]

In a recent development in Sudhir Verma & Anr. v. Union of India & Ors. [W.P.(C) No. 14969/2024], the Delhi High Court has issued notice to ‘WazirX’, operated by Zanmai Labs Pvt. Ltd., in response to concerns raised about its restructuring of digital assets. The notice requires WazirX to respond to allegations that it transferred user-held crypto assets to a foreign entity without obtaining proper consent from Indian users.

To re-visit the facts, this case arises from a major cyberattack on the WazirX platform on July 18, 2024, which allegedly led to a loss of INR 2,000 crore in digital assets and froze withdrawals worth an additional INR 4,700 crore. The petitioners claim that WazirX failed to disclose the breach in a timely manner and allowed users to continue transacting even after the attack, thereby compounding the damage.

As such, a key issue raised in the petition is the WazirX’s ongoing corporate restructuring in Singapore. It is alleged that user assets were moved to Zettai Pte. Ltd., a Singapore-based entity, effectively classifying Indian users as “contingent unsecured creditors.” According to the petitioners, this move undermines the rights of Indian investors by removing their access to legal recourse within India’s jurisdiction.

The court has sought a detailed response from the Union of India, RBI, SEBI, and WazirX on the applicable regulatory framework for crypto platforms, as well as on any proposed or ongoing enforcement action. The matter is next listed for hearing on May 15, 2025.

The case underscores the regulatory uncertainty surrounding digital assets in India. As scrutiny increases, crypto exchanges must ensure transparency in asset handling, data security, and cross-border governance structures to maintain user trust and regulatory compliance.

3. Government Strengthen Measures to Combat Deepfakes and Online Misinformation[3]

In a move to address the growing misuse of AI and digital platforms, the Government has introduced a set of measures aimed at tackling deepfakes and online misinformation. Announced on April 4, 2025, these steps are part of an ongoing effort to ensure online safety, accountability, and legal compliance in the digital ecosystem.

The initiatives include stricter enforcement of the Intermediary Rules under the IT Act which require platforms to act swiftly against unlawful or harmful content. A new grievance redressal structure, including appellate committees, offers users a formal mechanism to challenge content moderation decisions. The Government has also reiterated its expectations for platforms to prevent misuse of AI tools and maintain robust content moderation policies.

Authorities such as the I4C and CERT-In continue to play a key role in issuing alerts, monitoring threats, and supporting investigations related to digital manipulation, including deepfakes.

These developments highlight India’s increasing regulatory vigilance over digital platforms. Companies operating in this space should strengthen internal controls, update content governance protocols, and ensure prompt redressal systems are in place to avoid legal and reputational risks.

4. ‘Digital Threat Report 2024’ released to Strengthen Cyber Security in BFSI Sector[4]

On April 7, 2025, the MeitY, in collaboration with CERT-In, CSIRT-Fin, and global cybersecurity firm SISA Information Security Private Limited (“SISA”), released the Digital Threat Report 2024 (“Report”)—India’s first sector-specific cybersecurity report for the Banking, Financial Services, and Insurance (BFSI) industry.

The Report maps current and emerging cyber threats and offers practical strategies to enhance sector-wide resilience. It identifies key vulnerabilities and highlights the need for an integrated, intelligence-driven approach to cyber defence. It warns of increasing threats from AI-powered attacks, financial fraud, and compliance challenges arising from rapid digitisation. The Report relies on SISA’s forensic investigations, CERT-In’s cybersecurity oversight, and CSIRT-Fin’s sectoral response expertise, offering real-world insights and solutions and urges financial institutions to adopt preventive and responsive security measures to safeguard India’s digital financial infrastructure.

The release of this sector-specific cybersecurity report reflects a growing recognition that industry-specific digital risk profiles require tailored mitigation strategies. As cyber threats evolve, especially with the use of AI and complex fraud techniques, similar reports should be developed for other critical sectors such as healthcare, energy, and telecom. These initiatives will not only strengthen national cyber resilience but also provide industry players with actionable insights to stay ahead of emerging threats.

5. Government empowers Cybercrime Unit Under Anti-Money Laundering Regulation[5]

On April 25, 2025, the MoF issued a notification under the PMLA, formally designating ‘I4C’ as an authorised body for information sharing under Section 66(1)(ii) of the PMLA. This amendment adds I4C to the list of agencies empowered to receive information related to money laundering cases.

The move reflects the Government’s growing focus on tackling cyber-enabled financial crimes by linking digital crime intelligence with money laundering investigations. With I4C now part of the PMLA framework, coordination between cybercrime agencies and financial regulators like the Enforcement Directorate is expected to improve. I4C will be able to support investigations through digital forensics and analysis of suspicious transaction patterns, especially in cases involving online fraud and virtual assets.

6. New Aadhaar Application launched Amid Growing Concerns Over Offline Verification Practices[6]

In a move to enhance digital identity authentication, the UIDAI has launched a new mobile application aimed at streamlining Aadhaar-based offline verification. The application enables users to generate secure QR codes for identity validation, eliminating the need to share physical copies of Aadhaar and helping reduce the risk of data misuse.

While the application aims to strengthen privacy and enable seamless real-time authentication, it also draws attention to a persistent compliance gap. Under the Aadhaar (Authentication and Offline Verification) Regulations, 2021, entities are required to use secure offline verification methods—such as the digitally signed XML file—and avoid collecting full Aadhaar photocopies. However, many continue to demand physical copies without redacting the first eight digits of the Aadhaar number. This widespread disregard for UIDAI’s privacy safeguards not only breaches regulatory mandates but also exposes individuals to unnecessary data risks.

The launch of the new app is a timely reminder of the need to align technological tools with regulatory enforcement. As digital identity systems evolve, the efficacy of privacy safeguards will depend as much on innovation as on adherence to the law.

INTERNATIONAL 

UNITED STATES OF AMERICA

7. House of Representatives approves ‘Take It Down Act’ to Tackle Non-Consensual Deepfakes [7]

On April 30, 2025, the U.S. House passed the Take It Down Bill (“Bill”), following earlier Senate approval. The Bill now awaits the President’s signature. It criminalizes the publication of Non-Consensual Intimate Imagery (“NCII”) i.e., sexually explicit or intimate images of individuals that are shared or distributed without their consent, whether they are real or digitally manipulated using AI. This includes deepfake pornography, revenge porn, or the leaking of private images—often causing serious emotional, reputational, and safety consequences for victims.

The Bill introduces a legal obligation for online platforms to remove NCII content within 48 hours of a verified report. Failure to comply may result in civil penalties enforced by the FTC under existing laws governing deceptive or unfair trade practices. In cases involving intentional or malicious distribution, criminal penalties may also apply under related federal statutes.

Further, victims are entitled to restitution, and courts may order forfeiture of related assets. Exceptions apply for disclosures made in good faith for legal, medical, or public interest reasons. The Bill aims to ensure faster removal of harmful content and stronger protections against digital exploitation.

The Bill is expected to directly impact social media companies, image-hosting sites, and messaging platforms, requiring them to develop prompt and effective content moderation processes. The Bill marks a turning point in how legislatures are responding to the risks posed by AI-generated abuse and digital exploitation. By requiring swift takedowns and introducing consequences for inaction, the law increases accountability in the tech ecosystem. It also sets a precedent for other jurisdictions exploring legal tools to protect users against emerging forms of online harm.

8. Disclosure Obligations for Crypto Assets Clarified[8]

On April 10, 2025, the SEC issued a statement entitled Offerings and Registration of Securities in Crypto Asset Markets (“Statement”) outlining guidance on the application of federal securities laws to offerings and registrations involving crypto assets. This initiative aims to enhance clarity and consistency in disclosures related to crypto asset securities.​

The Statement emphasizes that issuers whose operations involve crypto assets—whether through networks, applications, or investment contracts—must adhere to existing disclosure requirements under federal securities laws i.e., the Securities Act, 1933 and the Securities Exchange Act, 1934. This includes providing comprehensive information about the nature of the crypto assets, the rights and obligations they confer. Statement also calls for transparent disclosure of associated risks—such as governance mechanisms, reliance on key third parties, and susceptibility to changes in protocols. Additionally, the SEC urges issuers to address technological and regulatory uncertainties surrounding the crypto ecosystem.

This initiative is part of the SEC’s broader efforts to ensure investor protection and promote informed decision-making in the evolving digital asset landscape. This development follows the formation of the SEC’s Crypto Task Force by Acting Chairman Mark T. Uyeda, which seeks to establish a comprehensive regulatory framework for crypto assets. The Statement underscores the importance of transparency and investor protection in the rapidly evolving crypto market.

9. California proposes Central Platform to Simplify Data Deletion from Data Brokers[9]

On April 25, 2025, CPPA released draft regulations titled the Regulations to Establish the Delete Request and Opt-Out Platform (DROP) (“Draft Regulations”) under the California Delete Act ,2023 (“Delete Act”). The Draft Regulations aims to give consumers a single, convenient way to request the deletion of their personal data from all registered data brokers, eliminating the need to contact each broker individually.

Under the Draft Regulations, data brokers would be required to access the ‘DROP’ system at least once every 45 days to check for and act on deletion requests. If a user’s personal information matches more than 50% of key identifiers (such as name, date of birth, and zip code), the broker must delete the data. If there is no match, the request must still be stored for compliance tracking purposes.

The Draft Regulations set out how data brokers should standardize data fields to improve matching accuracy. Beginning in 2028, data brokers will be subject to third-party audits every 3 years to ensure they are complying with the requirements of the Delete Act and the DROP system.

The Draft Regulations are open for public feedback till June 10, 2025.

10. Florida Bar recommends Cybersecurity Incident Response Plans for Legal Professionals[10]

On March 27, 2025, the Florida Bar Committee on Cybersecurity and Privacy Law (“Committee”) issued Recommendation 25-1(“Recommendation”), encouraging all members and their associated law firms to voluntarily adopt and annually maintain an Incident Response Plan (“IRP”) tailored to their practice. The Recommendation highlights growing cybersecurity risks and the need for structured preparation within the legal profession.

The Committee advises that all legal practices—regardless of size—should maintain clear procedures to detect, manage, and respond to cyber incidents. Suggested steps include mapping out the types of data handled by the firm, regularly assessing cybersecurity readiness, and clearly outlining roles, responsibilities, and communication protocols in the event of a breach.

Although not mandatory, the Recommendation is intended to assist law fraternity to protect sensitive client and business information, maintain operational continuity, and fulfil ethical obligations in an increasingly digital legal environment.

This highlights how privacy and cybersecurity obligations are expanding across all sectors—including the legal industry itself. As regulations evolve and digital threats increase, law firms are expected not only to protect client data but also to demonstrate proactive risk management. Implementing an IPR is becoming a core element of legal and ethical compliance in today’s privacy-conscious landscape.

11. Google held Liable for Violation of Anti-trust Regulations[11]

The U.S. District Court for the Eastern District of Virginia held Google LLC (“Google”) liable for violations of anti-trust laws in United States et al. v. Google LLC, (No. 1:23-cv-00108). The case, originally filed in 2020, alleged that Google secured its position by entering into agreements with device manufacturers (such as Apple Inc.), browser companies etc., to set ‘Google Search’ as the default option—limiting user choice and ultimately restricting rival search engines from fair competition.

The court found that these agreements were designed not for better performance but to exclude competitors and entrench Google’s monopoly. This conduct, the court held, breached Section 2 of the Sherman Antitrust Act, 1890. A separate proceeding will determine the remedies, which may include restrictions on how Google negotiates default placements or more significant structural changes.

This ruling could reshape how dominant digital platforms operate, especially in how they negotiate default service agreements that affect user access and market competition.

EUROPEAN UNION

12. Meta and Apple Liable for Breach of Digital Competition Laws[12]

On April 23, 2025, the European Commission (“Commission”) issued its first formal findings concluding that both Meta Platforms Ireland Limited (“Meta”) and Apple Inc.(“Apple”) breached core obligations as outlined in DMA.

It was observed that Apple had restricted app developers from informing users about alternative payment options outside the App Store. These “anti-steering” limitations were held to violate Article 5(4) of the DMA, which requires gatekeepers to allow businesses to communicate freely with their users. As a result, Apple faces a significant fine and is required to remove the offending restrictions.

In a separate finding, Meta was found to have violated Article 5(2) of the DMA through its “Consent or Pay” model, which gave users of Facebook and Instagram a binary choice: either accept extensive personal data processing for targeted ads or pay a monthly fee to opt out. The Commission held that this model did not offer users a real alternative and undermined the principle of freely given consent under EU law. As such, the Commission has imposed a fine of Euro 500 million on Apple and Euro 200 million on Meta for the violations.

13. Mobile Application Privacy Guidelines updated to clarify Developer Obligations [13]

On April 8, 2025, the French Data Protection Authority published an updated version of its Recommendations on Mobile Applications (the “Guidelines”), aimed at assisting developers ensure their mobile applications comply with data protection requirements. Originally adopted in 2024, the Guidelines are intended to address the specific risks mobile environments pose to user privacy, including issues around consent, transparency, and data minimisation.

The April 2025 revision includes technical corrections and clarifications in response to stakeholder feedback, such as refinements on how consent should be collected for accessing device features (such as location or contact lists), clearer explanations on distinguishing between technical and tracking cookies, and added examples to support transparency obligations in user interfaces.

With increasing scrutiny of data practices, companies should actively adhere to such guidelines to ensure they are meeting regulatory expectations. In particular, businesses must ensure they implement precise consent mechanisms, avoid unnecessary data access, and offer users clear, accessible information about how their data is processed.

UNITED KINGDOM

14. Cyber Governance Code of Practice released[14]

On April 8, 2025, the Government released the Cyber Governance Code of Practice (“Guidelines”) aimed at assisting company boards and senior leadership to effectively manage cyber risks. Developed in collaboration with the National Cyber Security Centre and industry stakeholders, the Guidelines provides practical guidance to ensure that cyber security is treated as a key governance priority rather than just a technical issue.

The Guidelines outlines five core principles for effective oversight i.e., identifying and protecting critical digital assets; aligning cyber risk management with overall business strategy; promoting accountability and cyber awareness among leadership; preparing for and responding to cyber incidents; and regularly reviewing the effectiveness of cyber governance measures. The Guidelines are voluntary but strongly encouraged, especially for directors of larger or digitally dependent organizations. It is supported by a wider toolkit and training materials to help boards translate high-level principles into actionable governance practices. By promoting board-level engagement in cyber security, the initiative seeks to strengthen organizational resilience and mitigate growing digital threats.

15. Court clarifies Employer’s Liability for Personal Data stored on Work Devices[15]

In Eamon McShane v. Data Protection Commission & Health Service Executive [2025 IEHC 191], the Irish High Court rejected a challenge against the DPC for dismissing a complaint that alleged the Health Service Executive (“HSE”) was responsible for a breach of personal data stored on a work-issued phone. The applicant, a fire prevention officer, claimed that his personal email and cryptocurrency accounts were compromised following a major cyberattack on the HSE in 2021. The applicant believed the breach was linked to his work phone, which he had used for both work and personal matters.

The DPC declined to investigate further, finding that the HSE was not the “data controller” of the personal (non-work) data stored on the phone, as its use was unauthorised and contrary to the HSE’s ICT policy. The court upheld this view, holding that the DPC had lawfully and proportionately limited its investigation based on the scope of the complaint, which focused solely on personal data outside the employer’s control. It found no legal error or irrationality in the decision and refused to order a fresh investigation.

The decision underscores the need for companies to implement clear, enforceable policies on personal use of work devices and to regularly communicate these to employees. To mitigate risk and uphold GDPR compliance, employers should ensure they maintain control over how personal data is processed on corporate equipment. This includes monitoring usage boundaries, securing consent where needed, and clearly defining their role as data controllers in internal protocols.

OTHERS

16. China – CAC Cracks Down on Online Abuse of Minors’ Images [16]

CAC has launched a major enforcement drive to curb the misuse of children’s images online. Over 11,000 social media accounts have been penalized for exploiting minors. Some accounts deliberately created scripted, exaggerated, or emotionally manipulative videos involving children—often depicting fake abuse, forced crying, or overdramatized hardship—to attract views and monetization. Further, videos and photos of minors were widely shared without proper consent, including sensitive moments like medical visits or school incidents, violating children’s right to privacy.

The CAC has urged platforms to strengthen moderation systems and enable stricter “minor protection” settings. Authorities also flagged a concerning trend where adults pose as children to spread misleading or damaging content, prompting renewed focus on proactive monitoring.

This move reinforces growing regulatory expectations around child protection in digital media. Platforms and content creators operating in China should closely review their content policies, moderation tools, and advertising models to avoid legal risk and ensure responsible treatment of minors in online environments.

ABBREVIATIONS
  • CAC – Cyberspace Administration of China
  • CERT-In – Indian Computer Emergency Response Team
  • CPPA – California Privacy Protection Agency
  • CSIRT-FinComputer Security Incident Response Team in the Finance sector
  • DMA – Digital Market Act, 2022
  • DPC – Data Protection Commission
  • FTC – Federal Trade Commission
  • I4C – Indian Cyber Crime Coordination Centre
  • ICT – Information and Communication Technology
  • Intermediary Rules – Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
  • IT Act – Information Technology Act, 2000
  • MoF – Ministry of Finance
  • OTT – Over-the-Top
  • PMLA – Prevention of Money Laundering Act, 2002
  • SEC – U S. Securities and Exchange Commission
  • UIDAI – Unique Identification Authority of India

Authors:

  • Rashmi Deshpande
  • Aarushi Ghai
  • Shriya Haridas

Download File:

[1] https://api.sci.gov.in/supremecourt/2025/16358/16358_2025_2_45_61306_Order_28-Apr-2025.pdf
[2] https://delhihighcourt.nic.in/app/party-name-wise-status-details/eyJpdiI6IjJHVVI4VFh2TDJlUkpHZGdhYVlweGc9PSIsInZhbHVlIjoiVHVHTnBhUlRVaE8wKzR2dnVaU0J3Zz09IiwibWFjIjoiZTEwZDU3NTZjZDk5OTY2NzcyOWVhMGJlZGE2ZjRmZjI5NDhjNjk2MWNjMjhmOGI0ZWFiYzQ4YjgzZjFlNzQ2NiIsInRhZyI6IiJ9/eyJpdiI6Im50RVllUzcrQ2lxd0tmbEJNcDZYUHc9PSIsInZhbHVlIjoiS1grajNCV3d5aDJ5KzIwLzBhS01SUT09IiwibWFjIjoiMmNlMTk1OGEzN2UyZGQ2NmNjYmM5OTFlMGE1NzJhNzEwYTUxYjA4ZTY1ZGRjZTlhODVlNWE4NTE1M2YzOWEyNSIsInRhZyI6IiJ9/eyJpdiI6IjFLczEvclJBV0x6YzAvdmJXdjd0R3c9PSIsInZhbHVlIjoiVjlFdzNMZEltZFdXblR2YjJGbU9rZz09IiwibWFjIjoiNTQ0N2IzMjE1MGE1NmE1NzYxMDM3ZjBkMzY2ZmY4NGUyYzljZDkwYzlkMmIxMDA3ODJjNjUzNDM2ZGZmODhkOCIsInRhZyI6IiJ9</a
[3]https://pib.gov.in/PressReleasePage.aspx?PRID=2119050
[4]https://pib.gov.in/PressReleasePage.aspx?PRID=2119801
[5]https://docs.publicnow.com/viewDoc?filename=32433%5CEXT%5C40530FD660C5ABE9390A8D34BC6F769D1E9B6560_A48C05104311EAB5A201249CC6EAC2C9A92ED514.PDF
[6]https://pib.gov.in/PressReleasePage.aspx?PRID=2120162
[7] https://www.commerce.senate.gov/2025/4/take-it-down-act-passes-the-house-heads-to-president-trump-s-desk
[8] https://www.sec.gov/newsroom/speeches-statements/cf-crypto-securities-041025
[9] https://cppa.ca.gov/regulations/drop.html
[10] https://www.workplaceprivacyreport.com/wp-content/uploads/sites/938/2025/04/FL-Bar-Committee-on-Cybersecurity-and-Privacy-Law-Recommendation-25-1.pdf
[11] https://www.justice.gov/opa/pr/department-justice-prevails-landmark-antitrust-case-against-google#:~:text=Google%2C%20the%20U.S.%20District%20Court,information%20on%20the%20open%20web.%E2%80%9D
[12] https://ec.europa.eu/commission/presscorner/detail/en/ip_25_1085
[13] https://www.cnil.fr/sites/cnil/files/2025-04/recommandation-applications-mobiles-modifiee.pdf
[14] https://www.gov.uk/government/publications/cyber-governance-code-of-practice/cyber-governance-code-of-practice
[15] https://www.courts.ie/acc/alfresco/e422caa7-645d-4f30-8630-dccd67ac1b9c/2025_IEHC_191.pdf/pdf#view=fitH
[16] https://www.cac.gov.cn/2025-04/18/c_1746514950807894.htm?mkt_tok=MTM4LUVaTS0wNDIAAAGaJXoPbE2qss-v6yTxsZXakwZTseHbsx5O5JUyi_mfM8PuUC-IbLlybp1VtYNwl53lInVbmdJgmHmnjKlasUi1ypjKcKSKjEanb9d9-XU0rAQ7NQ

Disclaimer

Current rules of the Bar Council of India impose restrictions on maintaining a web page and do not permit lawyers to provide information concerning their areas of practice. Fountainhead Legal is, therefore, constrained from providing any further information on this web page except as stated below.

The rules of the Bar Council of India prohibit law firms from soliciting work or advertising in any manner. By clicking on ‘I AGREE’, the user acknowledges that:

The user wishes to gain more information about Fountainhead Legal, its practice areas and the firm’s lawyers, for his/her own information and use;

The information is made available/provided to the user only on his/her specific request and any information obtained or material downloaded from this website is completely at the user’s volition and any transmission, receipt or use of this site is not intended to, and will not, create any lawyer-client relationship; and

None of the information contained on the website is in the nature of a legal opinion or otherwise amounts to any legal advice.

Fountainhead Legal, is not liable for any consequence of any action taken by the user relying on material/information provided under this website. In cases where the user has any legal issues, he/she in all cases must seek independent legal advice.

I Agree I Disagree