Data brokers are lining up to comply with California’s one-stop deletion tool requirement under the Delete Act, and the numbers signal a major shift in how privacy rights may be exercised and enforced in California starting this summer.
At its most recent meeting, the California Privacy Protection Agency (CPPA) reported that more than 575 data brokers
A newly filed putative class action in the Western District of Texas targets Bumble, Inc., over an alleged “massive and preventable” cyberattack in or around January 2026, in which attackers allegedly accessed highly sensitive user data stored in Bumble’s systems. The complaint alleges the compromised information included names, dates of birth, addresses, telephone numbers, Social Security numbers
DJI, the world’s leading manufacturer of civilian drones, has escalated its dispute with the Federal Communications Commission (FCC) by filing an appeal in the Ninth Circuit after the FCC placed many DJI products on its “covered list,” which the FCC uses for telecommunications equipment it deems an unacceptable national security risk. DJI says the decision
Website tracking litigation continues to generate high stakes compliance risk, but not all privacy statutes are moving through the courts at the same pace. A notable divergence is emerging between the Video Privacy Protection Act (VPPA) and the California Invasion of Privacy Act (CIPA). Where the first is rapidly heading toward definitive interpretation by the
The Office of California Attorney General Rob Bonta announced the largest settlement for violations of the California Consumer Privacy Act (CCPA) to date, imposing a $2.75 million civil penalty and injunctive relief focused on how Disney implements consumer opt-outs across its streaming ecosystem. Disney must pay the penalty within 30 days of the judgment’s effective
California resident Nathaniel Bee filed a lawsuit this week alleging that the ATP Tour’s website used third-party tracking technology that captured details on how visitors interacted with the site, including what content they viewed; how they navigated the website; and what type of device they used, without user consent in violation of the California Invasion
Until California’s legislature provides clearer guardrails, companies should expect continued class action activity under the California Invasion of Privacy Act (CIPA), targeting common website tracking technologies. Plaintiffs’ firms are actively testing how far this decades-old statute extends in the modern web environment, and courts have not reached a consensus. That uncertainty creates real litigation risk
States are weighing in on whether grocery stores, hotel chains, and retailers should be using personal consumer information such as “browsing history” and “location data” to decide what price you see, when someone else might see something different. Pioneering this inquiry is California, approaching this individualized pricing as a potential privacy problem. At the end
Florida website tracking litigation is gaining momentum this year, with plaintiffs increasingly invoking the Florida Security of Communications Act (FSCA) to challenge common website analytics and advertising tools, especially where those tools allegedly capture and share sensitive user communications. The FSCA is an old state wiretap statute now aimed at modern website tracking. The FSCA
Businesses that run consumer-facing websites have spent the past several years contending with a steady stream of California Invasion of Privacy Act (CIPA) demands and class actions aimed at everyday digital tools such as cookies, pixels, and analytics scripts. A recent decision from the Southern District of California, Camplisson v. Adidas Am., Inc., 2025