Texas Gov. Greg Abbott (R) on Monday signed a law requiring app stores to verify users’ ages (see 2505210015). SB-2420 mandates that app stores obtain parental consent before a minor can download an app.
Data Brokers and Delete Acts
Data brokers aggregate and sell personal data—often without clear user awareness. In response, many U.S. states are passing “delete acts” and other laws to increase transparency, require registration and give users control over data sales. These laws will reshape compliance and collection practices for brokers and companies relying on third-party data. This page tracks legislation, rulemaking and enforcement trends affecting the data brokerage industry.
The Electronic Privacy Information Center (EPIC) argued this week that opponents of New Jersey's Daniel's Law, which protects judicial and law enforcement personnel's private information, would use First Amendment grounds to oppose almost all privacy measures.
French privacy regulator CNIL fined Solocal Marketing Services $1 million (900,000 euros) for commercial data prospecting without securing prospects' consent and for transferring their data to partners without a valid legal basis.
Grocery chain Kroger collects vast amounts of personal data about its customers and makes inferences based on it, resulting in different shopping experiences, Consumer Reports (CR) said Wednesday. While Kroger responded that the CR report is misleading, a California legislator said it supports his argument for passing his surveillance-pricing bill.
The Consumer Financial Protection Bureau should reconsider withdrawing its proposed data broker rule given the privacy-related harms linked to data brokers, Sen. Ruben Gallego, D-Ariz., said in a letter to acting Director Russell Vought on Friday.
The Electronic Frontier Foundation applauded Montana for being the first state to close a “data broker loophole” for law enforcement. Separately, Cooley lawyers noted Montana's leadership role among states in crafting the country's third neural privacy law.
The Consumer Financial Protection Bureau will withdraw the Biden administration’s proposed data broker rule, the bureau announced in a notice scheduled for publication Thursday in the Federal Register. Industry groups requested the withdrawal in April comments (see 2504030059).
Massachusetts senators advanced a comprehensive privacy bill that includes a private right of action and Maryland-like data-minimization requirements. On Monday, the Senate side of the legislature’s joint Advanced Information Technology Committee advanced to the Ways and Means Committee a new draft of the Massachusetts Data Privacy Act (S-2516) that replaces bills by the committee’s Senate Chair Michael Moore (D), Senate Majority Leader Cynthia Creem (D) and Sen. William Driscoll (D). Some alternatives remain pending, including legislation by Sen. Barry Finegold (D), his spokesperson told Privacy Daily.
Days after an enforcement action against menswear retailer Todd Snyder, the California Privacy Protection Agency said its board ordered National Public Data to pay a $46,000 fine, the maximum allowed. The now-closed data broker failed to register as a data broker and pay an annual fee, as the California Delete Act requires, the CPPA said Thursday.
The global health care and life sciences sectors face major regulatory challenges in the U.S. and Europe from data transfer and cybersecurity laws, speakers said Thursday during an IAPP webinar.