The EU Council agreed Wednesday on its negotiating stance on several European Commission proposals, including one extending red-tape reduction rules to mid-cap enterprises, a move that will amend the GDPR.

Businesses face a raft of incoming California regulations on automated decision-making technology (ADMT) from a variety of sources, but privacy lawyers said this week that resulting compliance plans need not be elaborate.

Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.

The California Privacy Protection Agency received final approval on automated decision-making technology (ADMT) and other rules from the Office of Administrative Law (OAL), the CPPA said Tuesday. Meanwhile, in materials released ahead of a Friday board meeting, the CPPA disclosed that it has seen a steady increase in consumer privacy complaints over the last two years.

A Canadian security camera company with ties to China misled consumers about its privacy and security standards, Nebraska Attorney General Mike Hilgers (R) said in a lawsuit filed Tuesday. Hilgers, in an interview with Privacy Daily, discussed how he's using his office's consumer protection authority, as well as the outlook for the state's new privacy law.

DOJ received industry requests this month to scrutinize the Maryland Online Data Privacy Act (MODPA) and other state privacy measures as possibly burdening interstate commerce. The closely watched Maryland legislation takes effect Oct. 1. The chief privacy officer of one company that flagged MODPA told Privacy Daily that his business' main concern is the part of the law's unique data minimization requirement that bans sale of precise location data.

A federal appeals court should affirm a lower court’s decision and block Florida’s social media ban on children because it violates the First Amendment, the American Civil Liberties Union and consumer groups said in a filing Friday, siding with the tech industry (see 2509120040). The groups also highlighted privacy concerns related to age verification (docket 25-11881).

Although every state has a data breach notification law, each one imposes different regulations and reporting requirements, Emory Roane, associate director of policy at Privacy Rights Clearinghouse (PRC), said in a recent interview with Privacy Daily. While some protections exist at the federal level, a comprehensive breach law would help, as would data minimization principles, privacy pros added.

While not every state privacy bill becomes law, it’s important to look for trends in what’s being proposed across the U.S., privacy lawyers said during the Risk Digital virtual conference Thursday. They also said to keep an eye on class actions and watch for privacy rules that might be tucked into other kinds of laws.

Even without a private right of action, a Massachusetts comprehensive privacy bill nearing a Senate floor vote could still be the strongest of about 20 states with such laws, Electronic Privacy Information Center (EPIC) Deputy Director Caitriona Fitzgerald said in an interview Friday. While legislators previously cut the right for individuals to sue -- limiting enforcement authority to the Massachusetts’ attorney general -- they kept data minimization requirements like those from Maryland’s privacy law.