New York Gov. Kathy Hochul (D) on Friday evening signed comprehensive AI legislation with chapter amendments she negotiated with bill sponsors, as expected (see 2512190016, 2511170054 and 2512100008).

Friday night’s veto of a New York health data privacy bill might not be the end of the story. S-929 sponsor Sen. Liz Krueger (D) “is planning to reintroduce this bill or something similar next session,” a spokesperson told Privacy Daily on Monday. In addition, the New York Civil Liberties Union (NYCLU) plans to work with S-929's sponsors to “try again next year,” Allie Bohm, senior policy counsel, emailed us.

French data protection watchdog CNIL hit Mobius Solutions, a subcontractor that ran personalized advertising campaigns for Deezer, with a 1 million euro ($1.2 million) fine for serious GDPR violations, including failing to delete millions of people's data after ending its association with the music streaming app, it said Friday.

The House Commerce Committee plans to take “action” on comprehensive privacy legislation after considering kid bills this spring, a committee staffer said in a statement Friday.

Data security is inextricably linked to vendors, third parties and others along the supply chain, necessitating that companies have a firm understanding of how their information flows internally as well as externally, panelists said during a Practising Law Institute (PLI) event Wednesday.

Meta must give privacy advocate Max Schrems full access to all of his personal data within 14 days, the Austrian Supreme Court ruled and Noyb reported Thursday. Also, the social media giant must revamp its illegal personalized advertising model, the court said. Noyb said the decision sets an EU-wide precedent.

Days after suing five TV companies for spying on consumers and recording what they watch, Texas Attorney General Ken Paxton (R) said Wednesday he had secured a temporary restraining order (TRO) against one of them, Hisense, to stop it from collecting personal data. Meanwhile, an attorney said Texas' action highlighted regulation of smart connected devices like TVs, which have become surveillance tools. Another said resulting fines against the companies could be significant.

Despite some federal statutes and many state laws specific to privacy, the FTC acts as a stand-in for the lack of a comprehensive federal privacy measure, said the agency's former chief privacy officer at a Practising Law Institute (PLI) event Wednesday. Besides state privacy laws, enforcers often employ unfair and deceptive acts and practices (UDAP) statutes and other consumer protection laws, another panelist said.

FTC Commissioner Mark Meador sees Section 5 of the FTC Act and COPPA as the best statutory authorities for the commission to protect children online, the Republican told the Monopoly Report during a podcast aired Wednesday. But Section 6(b) of the FTC Act is a unique tool to better understand modern data practices, he said.

Data brokers must register quickly and comprehensively in California, the California Privacy Protection Agency said in an enforcement advisory Wednesday. CalPrivacy issued the advisory, which addresses data broker registration requirements related to trade names, websites and parent-subsidiary relationships, with about two weeks to go until the planned Jan. 1 launch of the Delete Request and Opt-Out Platform (DROP).