Enforcement has focused heavily in 2025 on surface-level, obvious and quick fixes, privacy lawyers said in recent interviews. While this trend will continue in 2026, additional tools and other factors should keep enforcement an area to watch, they said.
Data brokers must register quickly and comprehensively in California, the California Privacy Protection Agency said in an enforcement advisory Wednesday. CalPrivacy issued the advisory, which addresses data broker registration requirements related to trade names, websites and parent-subsidiary relationships, with about two weeks to go until the planned Jan. 1 launch of the Delete Request and Opt-Out Platform (DROP).
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
Privacy professionals expected more states to enact comprehensive privacy laws this year, but none of the bills introduced this year crossed the finish line, they said Thursday on a TrustArc webinar. Instead, states passed narrowly tailored privacy legislation or amendments to existing laws. In addition, several court decisions and enforcement actions drilled deep into top privacy issues, the privacy pros said.
California Privacy Protection Agency (CalPrivacy) fines for Delete Act violations next fall could rise from tens of thousands of dollars to tens of millions of dollars -- at least -- with no room for negotiation on total penalties, panelists said on a webinar by consumer privacy vendor Reklaim on Wednesday. In addition, many more companies may be considered data brokers covered by the law than realize it now, they said.
The modest fine of $56,000 that California Privacy Protection Agency’s (CalPrivacy) assessed against a company recently for failing to register as a data broker (see 2512030029) “may be the last penalty we see of this size,” said Dentons privacy attorney Dalton Cline, who sees several factors increasing monetary burdens on violators in the future.
Vermont Rep. Monique Priestley (D) will push again for comprehensive privacy legislation -- and probably one of two data broker bills -- when the legislature returns Jan. 8, she said in an interview last week with Privacy Daily. A series of town halls yielded much public excitement for privacy protections and potential new support from small businesses next year, said Priestley, who also will be running for state senator in 2026 (see 2510290024).
The California Privacy Protection Agency (CalPrivacy) fined Nevada-based marketing firm ROR Partners $56,000 for its failure to register as a data broker, in violation of the state's Delete Act. The agency's Data Broker Enforcement Strike Force brought the fine. Part of the Enforcement Division, the Strike Force was announced in November (see 2511190041).
The California Privacy Protection Agency will roll out a Data Broker Enforcement Strike Force to review industry compliance with the California Consumer Privacy Act (CCPA) and the Delete Act’s registration requirements, CalPrivacy said Wednesday.
Vermont Rep. Monique Priestley (D) defended her continued push for a private right of action (PRA) in comprehensive privacy legislation while speaking on Marketecture's Monopoly Report podcast Wednesday. Also, Priestley said she aims to respect donors’ privacy as she makes a run for state Senate in 2026 (see 2510290024).