Privacy Daily is providing readers with our top 20 most read stories published in 2025. All articles can be found by searching the titles or clicking on the hyperlinked reference numbers.
Ad Tech and Marketing Privacy
Digital advertising faces significant regulatory pressure over how it collects, shares and monetizes visitor data. Laws like the GDPR, CCPA, CPRA, and ePrivacy Directive have upended behavioral targeting, cross-site tracking, and real-time bidding. Regulators are demanding more transparency, user consent, and accountability across the online advertising ecosystem. This page covers global enforcement, litigation and policy trends affecting advertisers, platforms and data brokers.
All 20 U.S. comprehensive privacy laws will be in effect Jan. 1 when Kentucky, Indiana and Rhode Island join 17 other states with broad privacy statutes. However, those three new state laws coming online are unlikely to significantly reshape the U.S. consumer privacy landscape, privacy experts said in interviews with Privacy Daily.
Businesses that use tracking technologies must ensure they have the proper information and language in their disclosures and consent mechanisms to avoid legal risk, said Marc Roth, marketing and privacy advisor at Cobalt, during a webinar hosted by the Practising Law Institute Monday.
Enforcement has focused heavily in 2025 on surface-level, obvious and quick fixes, privacy lawyers said in recent interviews. While this trend will continue in 2026, additional tools and other factors should keep enforcement an area to watch, they said.
As retail marketing picks up speed, online advertisers and publishers are increasingly eyeing data clean rooms (DCRs) to ensure GDPR compliance, Fieldfisher data protection attorney Stephan Zimprich said in an interview last week.
Apple's App Tracking Transparency (ATT) policy, which sets privacy rules for third-party developers of apps offered on the App Store, violates EU antitrust rules, the Italian Competition Authority (ICA) said Monday, fining the company more than 98.6 million euros ($116 million).
Friday night’s veto of a New York health data privacy bill might not be the end of the story. S-929 sponsor Sen. Liz Krueger (D) “is planning to reintroduce this bill or something similar next session,” a spokesperson told Privacy Daily on Monday. In addition, the New York Civil Liberties Union (NYCLU) plans to work with S-929's sponsors to “try again next year,” Allie Bohm, senior policy counsel, emailed us.
French data protection watchdog CNIL hit Mobius Solutions, a subcontractor that ran personalized advertising campaigns for Deezer, with a 1 million euro ($1.2 million) fine for serious GDPR violations, including failing to delete millions of people's data after ending its association with the music streaming app, it said Friday.
Italian DPA Garante fined Verisure Italy and Aimaq hundreds of thousands of euros for serious data protection violations, it said Thursday.
A case charging SeatGeek violated the California Invasion of Privacy Act (CIPA) by using tracking technologies should be dropped for failure to allege harm, argued the ticketing platform in a court document Wednesday.