Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
Data Brokers and Delete Acts
Data brokers aggregate and sell personal data—often without clear user awareness. In response, many U.S. states are passing “delete acts” and other laws to increase transparency, require registration and give users control over data sales. These laws will reshape compliance and collection practices for brokers and companies relying on third-party data. This page tracks legislation, rulemaking and enforcement trends affecting the data brokerage industry.
New Jersey’s proposed privacy rules might be the most “aggressive” in the country, particularly the potential limitations on AI-related data scraping, attorneys and a tech industry official said in interviews.
CAMDEN, N.J. -- A federal judge raised doubts Monday that the Communications Decency Act gives data brokers immunity from New Jersey’s Daniel’s Law. In an oral argument at the U.S. District Court for New Jersey, Judge Harvey Bartle heard preemption arguments from various data brokers sued by Atlas Data Privacy under the 2020 state law, which is aimed at protecting the personal information of judicial and law enforcement officers, child protective investigators and certain family members.
The California Privacy Protection Agency (CPPA) filing a court petition to force Tractor Supply Co. to comply with an investigative subpoena Wednesday demonstrates its willingness to fight for privacy rights, consumer advocacy groups and other privacy professionals said.
The California Consumer Privacy Act (CCPA) is “like a big Lego block” to which state legislators “are constantly adding … Lego pieces,” said Tom Kemp, executive director of the California Privacy Protection Agency, during an IAPP webinar Tuesday. The California Privacy Rights Act, which amended the CCPA, prohibits reducing Californians’ privacy rights, he noted.
The expansion of data broker liability in states like Texas and California has companies considering multistate compliance approaches, privacy attorneys told us in interviews.
Enforcers should ensure that registered data brokers improve their performance when consumers request information from them about their data, the Electronic Frontier Foundation (EFF) said in a blog post Monday. The California Consumer Privacy Act (CCPA) grants consumers the legal right to request access to, or deletion of, their data.
Though the White House’s plans to collaborate with tech companies in building a health data-sharing system could ultimately result in a beneficial network, its current lack of clarity and transparency about data protections is concerning, consumer advocates said.
The California Privacy Protection Agency (CPPA) seeks comments by Aug. 18 at 5 p.m. PT on revised draft rules for implementing a data-deletion mechanism under the California Delete Act, the agency said in a notice Thursday.
New York AG Letitia James (D) asked a district court Tuesday to drop a challenge against a law requiring retailers to disclose when they're using algorithmic pricing. James argued the plaintiff -- the National Retail Federation (NRF) -- didn't state a claim in case 25-05500 and that the law doesn't violate the First Amendment.