Despite technology recording a woman's activity on a shopping site, that wasn't enough for her to claim a concrete privacy injury, an appeals court ruled as it dismissed her class-action suit. Celebrating the decision, advocacy groups said merely invoking the word "privacy" doesn't necessarily equate to a legitimate claim.

Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.

A three-judge panel of the 5th U.S. Circuit Court of Appeals denied an en banc rehearing of the rejection of a $57 million FCC fine against AT&T for violating the agency's data protection rules. The panel modified its April opinion slightly, removing language that referred to a 2012 5th Circuit decision in U.S. v. Stevens (see 1208210038).

Department of Government Efficiency (DOGE) activities at the Social Security Administration (SSA) involved data security lapses that risk the exposure of more than 300 million Americans’ social security information, alleged a protected whistleblower Tuesday. SSA denied that its handling of the data put citizens at risk, however.

The Colorado House on Tuesday voted 48-14 to pass legislation delaying implementation of the Colorado AI Act until June 30, 2026 (see 2508250038). The chamber passed SB-4 a day after the Senate, but the measure still needs a signature from Gov. Jared Polis (D). A consumer advocate blamed Polis and Big Tech for the collapse of an earlier deal that labor and civil society groups had struck with some businesses.

Bluesky's decision to block Mississippi IP addresses from its social media platforms highlights the inefficiencies and problems that come with age-verification laws, said consumer privacy and tech industry officials. After the U.S. Supreme Court allowed the state age-verification law to stand last week (see 2508140048), Bluesky announced its response in a statement Friday (see 2508220047).

It’s time to start “operationalizing the laundry list of requirements currently in the Colorado AI Act because it looks like a last-minute reprieve is unlikely,” said Denver-based privacy attorney Josh Hansen of Shook Hardy, as state legislators returned for the fifth day of their special session Monday.

A federal judge ruled Monday that New Jersey’s Daniel’s Law isn't preempted by the National Voter Registration Act (NVRA), refusing to dismiss two voter registration record websites from a consolidated constitutionality case about the statute. However, Judge Harvey Bartle found for the U.S. District Court for New Jersey that the state law is inconsistent with a provision of the Fair Credit Reporting Act (FCRA) and dismissed part of the complaint.

A bevy of entities, including advocacy organizations and media groups like the New York Times, filed amicus briefs earlier this week that blasted California’s Age-Appropriate Design Code (AADC) Act for infringing on privacy and First Amendment rights, with some saying the statute reigns in nearly every form of online content including news sites.

While recent court decisions have added to a circuit split on the Video Privacy Protection Act (VPPA) of 1988 (see 2508190026), some have also introduced notable interpretations of how the statute should apply, privacy lawyers said in interviews with Privacy Daily.