A California privacy enforcer’s first use of a purpose-limitation requirement under the California Consumer Privacy Act (CCPA) makes this week’s record $1.55 million settlement with Healthline a significant enforcement action for companies in many sectors, privacy experts told Privacy Daily this week. Also significant was the highly technical, in-depth investigation that the office of Attorney General Rob Bonta (D) conducted, they said. Signs point to increased privacy enforcement ahead.
Following a joint stipulation of voluntary dismissal Friday from data scraper Bright Data and social media platform X, U.S. District Court for Northern California Judge William Alsup ordered the copyright case dismissed on Tuesday.
Healthline called a $1.55 million settlement with California "amicable" after an enforcement action alleged that the company committed a series of privacy violations (see 2507010074).
Utah should consider amending its comprehensive privacy law, given the underwhelming number of consumer privacy complaints filed in the statute’s first 18 months, said Attorney General Derek Brown (R) and the Utah Division of Consumer Protection in a report obtained Wednesday by Privacy Daily. “Complaints have not been as forthcoming as anticipated,” it said, but “violations are likely occurring.”
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
Healthline must pay California $1.55 million as part of a record proposed settlement under the California Consumer Privacy Act, Attorney General Rob Bonta (D) said Tuesday. It also includes a novel injunctive term prohibiting the company “from sharing article titles that reveal that a consumer may have already been diagnosed with a medical condition,” the attorney general's office said.
Healthline must pay California $1.55 million under the largest proposed settlement yet under the California Consumer Privacy Act, Attorney General Rob Bonta (D) said Tuesday. The settlement, which is pending final court approval, also includes a novel injunctive term prohibiting the company “from sharing article titles that reveal that a consumer may have already been diagnosed with a medical condition,” the AG's office said.
AT&T's proposed $177 million settlement stemming from 2019 and 2024 data breaches shows that multifactor authentication isn't optional, cybersecurity expert Joe Vadakkan wrote last week. In the 2024 incident, hackers penetrated AT&T's Snowflake cloud system using credentials that didn't have MFA and made off with customers' call and text metadata, he said. "Weak credential protections" made the hack possible, he added. "Supply chain vigilance is critical," as the Snowflake breach came via "internal compromises." The settlement received preliminary approval in U.S. District Court earlier this month.
Former Facebook users whose personal data was collected as part of the Cambridge Analytica matter some 10 years ago may now register for restitution under an AU$50 million payment ($33 million based on today's exchange rates) program Meta agreed to with the Australian Office of the Information Commissioner (OAIC), the office announced Thursday.
The 7th U.S. Circuit Court of Appeals could soon issue a ruling on the retroactivity of a 2023 amendment to the Illinois Biometric Information Privacy Act (BIPA), which would provide significant clarity about pending BIPA cases, said blog posts by multiple law firms.