Nvidia continued using cookies to track user browsing activities despite consumers opting out, said a class-action complaint Friday at the U.S. District Court for Northern California. The tech company's behavior is an “egregious privacy violation and total breach of consumer trust,” said the complaint (case 5:25-cv-09160).
Data Brokers and Delete Acts
Data brokers aggregate and sell personal data—often without clear user awareness. In response, many U.S. states are passing “delete acts” and other laws to increase transparency, require registration and give users control over data sales. These laws will reshape compliance and collection practices for brokers and companies relying on third-party data. This page tracks legislation, rulemaking and enforcement trends affecting the data brokerage industry.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
The California Privacy Protection Agency could have a decision from the state's Office of Administrative Law (OAL) on Delete Act regulations just in time for the CPPA board's Nov. 7 meeting.
Florida and Michigan focused recent privacy complaints against Roku on the streaming box maker's partnerships with data brokers, Holland & Knight lawyers noted in a blog post Friday.
California added to companies’ increasing worries “about being viewed as ‘selling’ personal data” earlier this month when Gov. Gavin Newsom (D) signed an update to the California Delete Act, Sheppard Mullin attorneys Lissa Thomas and Kathryn Smith blogged Thursday.
The New Jersey Supreme Court agreed to interpret whether the state’s Daniel’s Law imposes strict liability on data brokers for posting private information online, or if proof of intent is required. The 3rd U.S. Circuit Court of Appeals asked for the high court to weigh in at the beginning of September (see 2509040054).
The California Privacy Protection Agency launched a webpage for consumers Friday previewing the agency’s upcoming Delete Request and Opt-Out Platform (DROP), Executive Director Tom Kemp posted on LinkedIn. The agency plans to release the accessible data deletion mechanism Jan. 1.
The Consumer Financial Protection Bureau should retain consumer privacy protections in Section 1033 of the Dodd-Frank Act and continue guarding against third-party financial data abuse, consumer groups told the CFPB in comments due Tuesday (see 2508210038).
Making sure that executive suite members understand the privacy landscape is key to ensuring companies stay proactive and in compliance, said panelists at a privacy risk event Tuesday. During another panel, the executive director of the California Privacy Protection Agency (CPPA) discussed how it's helping raise awareness of privacy issues with businesses. Compliance vendor DataGrail sponsored the event.
Connecticut could next year pass legislation like the California Delete Act and create a data broker registry, state Sen. James Maroney (D), author of Connecticut’s comprehensive privacy law, said on Marketecture’s The Monopoly Report podcast Wednesday. However, he said Connecticut would likely try to share the accessible deletion mechanism now under development at the California Privacy Protection Agency (CPPA).