Video-streaming box maker Roku “collected, sold and enabled reidentification of sensitive personal data” without receiving authorization or providing meaningful notice, the Florida attorney general’s office said Tuesday. AG James Uthmeier filed a complaint under Florida’s comprehensive privacy law and its Deceptive and Unfair Trade Practices Act in the state’s 20th Judicial Circuit Court.
Attorneys general from Minnesota and New Hampshire joined states’ Consortium of Privacy Regulators, the California Privacy Protection Agency (CPPA) said Wednesday.
California Gov. Gavin Newsom (D) signed universal opt-out legislation and two other privacy bills Wednesday.
The California Privacy Protection Agency assessed its largest-ever penalty, ordering Tractor Supply Co. to pay a $1.35 million fine and change its business practices, the CPPA said Tuesday.
The California Privacy Protection Agency’s head enforcer heralded “a new era of privacy enforcement,” in an update at the CPPA Board’s Friday meeting. The agency has “hundreds” of investigations open, and in most cases the targeted businesses don’t know about them yet, said Michael Macko, deputy director of enforcement. "We haven't surfaced yet."
The California legislature agreed on a bill Thursday to require web browser support for universal opt-out preference signals (OOPS). The Assembly voted 44-2 to concur with Senate changes to AB-566, closely watched legislation that was endorsed by the California Privacy Protection Agency.
The 2nd Circuit U.S. Court of Appeals on Wednesday upheld a $46.9 million fine against Verizon for violating FCC data rules. Judges heard the case in April and appeared skeptical of claims that Verizon had the right to a jury trial before the FCC handed down the fine (see 2504290060).
Software company PowerSchool’s failure to protect the personal information of nearly 900,000 Texas schoolchildren and educators is a violation of the Texas Deceptive Trade Practices Act and the Identity Theft Enforcement and Protection Act, alleged Attorney General Ken Paxton (R) in a lawsuit Wednesday.
The U.S. Court of Appeals for the D.C. Circuit rejected T-Mobile’s challenge of an $80 million data breach forfeiture in a unanimous opinion Friday.
A three-judge panel of the 6th U.S. Circuit Court of Appeals upheld the FCC’s data breach notification rules in an opinion Wednesday. The rules were approved 3-2 in 2023 by the previous FCC, with then-Commissioners Brendan Carr and Nathan Simington dissenting. The Ohio Telecom Association, the Texas Association of Business, CTIA, NCTA and USTelecom filed petitions for review against the rules, arguing that they were outside the FCC’s authority and violated the Congressional Review Act because Congress vetoed similar requirements included with other privacy rules in 2017. But the court said the Congressional Review Act doesn’t prevent agencies from issuing new rules that are similar to parts of rules nullified by CRA resolutions. If Congress had wanted the CRA to do that, “it could have said so,” said the opinion from Judge Jane Stranch. “That is not the language it chose.” The 2017 rules and the 2024 FCC data breach order also aren’t “substantively identical,” the opinion said.