The federal jury decision earlier this month that Meta violated the California Invasion of Privacy Act (CIPA) illustrates how tracking technologies can pose serious risks if not responsibly deployed, said Ice Miller lawyers in a Monday blog post. The jury in Frasco v. Flo Health, Inc. found the social media platform intentionally eavesdropped on users of the health app Flo Health without consent and received sensitive data on users' menstrual cycles and reproductive health (see 2508040041).
The U.S. Court of Appeals for the D.C. Circuit upheld the FCC’s $80 million data breach forfeiture in a unanimous opinion handed down Friday (see 2508150014). T-Mobile was also fined $12.2 million for violations by Sprint, which it later acquired. Judges appeared skeptical of T-Mobile's arguments when the case was heard in March (see 2503240048). T-Mobile is reviewing the decision, a spokesperson said Friday.
Legislation significantly revamping Israel's data protection law took effect Thursday, but the country's privacy watchdog said it will delay enforcement of one of its provisions until October.
Meta asked a federal court Monday to reverse the verdict or, alternatively, hold a new trial in a case involving allegations that the company shared sensitive health information with third parties without user consent. The social media platform argued "the evidence at trial does not fit plaintiffs’ legal claim."
Companies should master the fundamentals of privacy, which will form a solid foundation when handling new privacy regulations, enforcement actions and emerging technologies like AI, said Sourcepoint’s Chief Privacy Officer Julie Rubash and Brian Kane, the chief operating officer of the privacy software company that was recently acquired by Didomi (see 2507080040).
Companies can learn practical lessons from common themes in recent enforcement actions and implementing those takeaways can help them stay ahead of evolving privacy requirements, said Quarles lawyers in a blog post Monday.
The FTC could improve cybersecurity standards by verifying the adequacy of companies' risk assessments, IAPP Cybersecurity Law Center Managing Director Jim Dempsey said in a post Friday.
The California Privacy Protection Agency (CPPA) filing a court petition to force Tractor Supply Co. to comply with an investigative subpoena Wednesday demonstrates its willingness to fight for privacy rights, consumer advocacy groups and other privacy professionals said.
Businesses should map their automated decision-making technology (ADMT), review and revise privacy policies, plan for cybersecurity audits and review vendor contracts in response to California Privacy Protection Agency rules adopted July 24, some privacy law practices advised in recent client alerts. The rules are expected to be finalized without changes shortly.
The expansion of data broker liability in states like Texas and California has companies considering multistate compliance approaches, privacy attorneys told us in interviews.