On July 24, 2025, the California Privacy Protection Agency (CPPA) Board unanimously approved amendments to the California Consumer Privacy Act (CCPA). These substantial changes include new compliance obligations for...more
In December 2024, Jonathan Gabrielli filed several claims alleging that Motorola Mobility LLC (Motorola) misrepresented its data usage policy and shared his personal data with third parties, including Google, Amazon, and...more
Before assuming his new role as Executive Director for the California Privacy Protection Agency (CPPA), Tom Kemp served as a volunteer policy advisor on the Delete Act in 2023 and California’s 2020 ballot initiative, which...more
The 1988 Video Privacy Protection Act (VVPA) prohibits the disclosure of VHS rental history; now, in a recent class action where the VPPA was invoked by the plaintiffs, the parties’ voluntary settlement signals developments...more
In a significant win for Royal Caribbean Cruises, a federal judge dismissed a lawsuit that alleged the cruise line’s website violated a California privacy law by using a TikTok tracking tool. The case, Kishnani v. Royal...more
On July 1, 2025, California Attorney General Rob Bonta announced a settlement with Healthline Media LLC stemming from alleged violations of the state’s consumer privacy law, the California Consumer Privacy Act (CCPA)....more
It’s 2025, and somehow, we’re still dealing with lawsuits over a law that was born in the pen registers and rotary phones era. That law, the California Invasion of Privacy Act (CIPA), a decades-old statute that’s suddenly...more
This week, the U.S. District Court for the Northern District of California ruled in favor of children’s clothing retailer Janie & Jack, which sought to enjoin over 2,400 individual arbitration claims resulting from alleged...more
Yahoo’s ConnectID is a cookieless identity solution that allows advertisers and publishers to personalize, measure, and perform ad campaigns by leveraging first-party data and 1-to-1 consumer relationships. ConnectID uses...more
Last week, the California Privacy Protection Agency (CPPA) settled its first non-data broker enforcement action against American Honda Motor Co. for a $632,500 fine and the implementation of certain remedial actions....more
The California Privacy Protection Agency (CPPA) the agency responsible for implementing and enforcing the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) (collectively the CCPA), protecting...more
A federal district court has denied a motion by Johnson & Johnson Consumer Inc. (JJCI) to dismiss a second amended complaint alleging it violated the Illinois Biometric Information Privacy Act (BIPA) by collecting and storing...more
3/14/2025
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Illinois ,
Johnson & Johnson ,
Mobile Apps ,
Prior Express Consent ,
State Privacy Laws ,
Statutory Violations
The California Privacy Protection Agency (CPPA) and Background Alert, Inc. (a California-based data broker) settled allegations that Background Alert failed to register and pay the annual fee required by the California Delete...more
3/7/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Data ,
Privacy Laws ,
State Privacy Laws
Beware of demand letters from plaintiffs’ attorneys for allegations of illegal use of pen registers, trap and trace pixels, and search bar pixels—why? This “trap and trace” litigation is a growing trend for plaintiffs’...more
2/28/2025
/ California ,
CIPA ,
Consent ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Demand Letter ,
Litigation Strategies ,
Privacy Laws ,
State Privacy Laws ,
Web Tracking ,
Wiretapping
Almost every business has a website; every website should have a privacy policy, terms of use, and, in some cases, a consumer privacy rights notice—if certain state consumer privacy rights laws apply to your business, such as...more
2/21/2025
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Consumer Privacy Rights ,
Cookies ,
Data Collection ,
Data Privacy ,
Privacy Laws ,
Privacy Policy ,
State Privacy Laws ,
Web Tracking ,
Websites
Stemming from Colorado’s Concerning Consumer Protections in Interactions with Artificial Intelligence Systems Act (the Act), which will impose obligations on developers and deployers of artificial intelligence (AI), the...more
Ethical hackers identified an arbitrary account takeover flaw in the administrator portal for Subaru’s Starlink service, which could allow a threat actor to hijack a vehicle through a Subaru employee account. This...more
1/31/2025
/ Automotive Industry ,
Connected Cars ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Hackers ,
Manufacturers
The Oregon Department of Justice (DOJ) released a new toolkit sharing with Oregonians how to protect their online information to celebrate Data Privacy Day. The toolkit includes information on how consumers can exercise their...more
Singapore-based Chinese video game developer Cognosphere, dba HoYoverse, known for “Genshin Impact,” a role-playing game involving collectible characters with unique fighting skills, has agreed to pay $20 million to settle...more
The California Attorney General published two legal advisories this week: Legal Advisory on the Application of Existing California Laws to Artificial Intelligence. Legal Advisory on the Application of Existing California Law...more
1/17/2025
/ Artificial Intelligence ,
California ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Privacy ,
Data Protection ,
Healthcare ,
Popular ,
Privacy Laws
Earlier this month, after the conclusion of the public comment period, the Colorado Department of Law adopted amendments to the Colorado Privacy Act (CPA), which grants rights to Colorado consumers concerning their personal...more
12/20/2024
/ Biometric Information ,
Colorado ,
Consumer Privacy Rights ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Right to Delete ,
State Privacy Laws
On January 1, 2025, five states’ consumer privacy rights laws will go into effect. Is your business ready? Have you determined if these laws apply to your business?...more
While California was the first state to implement a comprehensive consumer privacy rights law and the first to bring an enforcement action for violations, Texas is quickly becoming the next privacy regulator to watch. The...more
Last week, the California Privacy Protection Agency (CPPA) announced it will conduct a public investigative sweep of data broker registration compliance under the California Delete Act....more
11/8/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Brokers ,
Data Protection ,
Data Sellers ,
Government Investigations ,
Information Technology ,
Personal Information ,
Registration Requirement ,
Regulatory Oversight
On Wednesday, the Federal Communication Commission’s (FCC) Privacy and Data Protection Task Force announced a Memorandum of Understanding (MOU) with the California Privacy Protection Agency (CPPA) to establish a federal-state...more