Sendit violated COPPA by illegally collecting children’s data and deceived users with messages from fake people, the FTC announced Tuesday in a lawsuit against the Los Angeles-based anonymous messaging app.

The California Privacy Protection Agency assessed its largest-ever penalty, ordering Tractor Supply Co. to pay a $1.35 million fine and change its business practices, the CPPA said Tuesday. The company told Privacy Daily that it’s committed to compliance and addressed the privacy issues raised.

When carrying out enforcement actions, regulators are looking for companies to be upfront about incidents and willing to work with them to solve issues, said state and federal regulators during a panel at a Practising Law Institute (PLI) cybersecurity conference Monday.

Uncommon and broadly applicable data minimization requirements in the Maryland Online Data Privacy Act (MODPA) could pose major compliance challenges for companies when the law takes effect Wednesday, privacy attorneys representing businesses said in interviews. Some advertisers could opt out of the Maryland market rather than comply with the state's comprehensive privacy law, said David LeDuc, Network Advertising Initiative (NAI) public policy vice president.

California Assemblymember Rebecca Bauer-Kahan (D) and consumer advocates on Friday said they’re optimistic Gov. Gavin Newsom (D) will sign child online safety legislation after his remarks this week about regulating AI technology.

The Irish Data Protection Commission (DPC) said Friday it identified the two companies and dataset at the heart of a scandal involving the sale of smartphone location data and is investigating. The Irish Council for Civil Liberties (ICCL) accused the DPA of failing to act on its earlier whistleblowing complaint.

The California Privacy Protection Agency’s head enforcer heralded “a new era of privacy enforcement,” in an update during the CPPA Board’s Friday meeting. The agency has “hundreds” of investigations open, and in most cases the targeted businesses don’t know about them yet, said Michael Macko, deputy director of enforcement. “We haven't surfaced yet."

A potential tech industry legal challenge is looming as child-related amendments to the Colorado Privacy Act go into effect Wednesday.

The FCC’s Communications Security, Reliability and Interoperability Council (CSRIC) unanimously approved a report Thursday on “best practices” for the FCC and industry on the ethical and practical use of AI and machine learning (ML). The report, which examines privacy and new risks for telecom networks, wasn’t released Thursday.

A company complying with Maryland’s data minimization standard would be in compliance with a similar measure proposed in a Massachusetts comprehensive privacy bill that’s moving quickly toward passage, said Massachusetts Sen. Michael Moore (D) on the floor Thursday. However, Moore also said he’s fine with Massachusetts being an “outlier” among the 20 states with privacy laws.