So far in 2025, state lawmakers and regulators have focused on data related to health, children, geolocation and biometrics, said Sidley privacy attorneys Colleen Theresa Brown, Sheri Porath Rockwell and Sasha Hondagneu-Messner in a blog post Thursday.
With federal agencies deemphasizing rulemaking and enforcement, “states are advancing more prescriptive cybersecurity standards for financial institutions, including many that align with the approach and standards set by the New York Department of Financial Services (NYDFS),” the Cooley law firm blogged Wednesday.
In another attempt to support the state's 2023 social media safety law, Arkansas AG Tim Griffin (R) asked the 8th U.S. Circuit Court of Appeals on Thursday to toss a district court ruling that blocked the measure.
Though several recent enforcement actions have targeted websites, mobile apps are also subject to all privacy laws, a lawyer said Thursday during a webinar by Privado, a privacy vendor. Daniel Goldberg, a Frankfurt Kurnit lawyer, also noted that it's no longer enough for companies to rely on privacy vendors for compliance; they must practice due diligence too.
A bipartisan group of nearly 30 state attorneys general voluntarily dropped a lawsuit challenging the sale of 23andMe and its genetic data on Wednesday, saying "the issues raised in this adversary complaint are rendered moot." The biotechnology company was officially sold to nonprofit TTAM Research Institute on July 11 (see 2507150083).
There has been a quiet shift recently where state privacy enforcement is often aided behind the scenes by private law firms, according to a Tuesday blog post from Frankfurt Kurnit attorneys. These firms typically develop the case and can even appear in the final complaint filed in court, lawyers Daniel Golberg and Holly Melton wrote.
Porn site Multi Media renewed its call for a district court to dismiss a lawsuit against it, arguing that when a user agreed to the platform's Terms & Services, he accepted an arbitration clause. Multi Media is one of four adult websites sued in the U.S. District Court for Kansas in May for allegedly failing to implement age-verification (see 2505130023).
States should amend comprehensive privacy laws to remove loopholes for consumer reporting agencies (CRAs), the Electronic Privacy Information Center (EPIC) said in a white paper released Tuesday.
Age-verification vendors weren't "surprised" by attempts to circumvent proof-of-age mechanisms once the U.K. Online Safety Act (OSA) rules took effect Friday, Age Verification Providers Association Executive Director Iain Corby told us Tuesday.
The California Privacy Protection Agency (CPPA) announced a $55,400 fine Tuesday against Accurate Append for failing to register as a data broker and pay the annual fee required by the state’s Delete Act (see 2507290031). The CPPA's latest fine signals the agency's crackdown on data brokers, said Troutman Amin law clerk Tammana Malik in a blog post. However, a study last month on California data brokers argues they largely ignore regulation.