The California Privacy Protection Agency (CPPA) issued a decision requiring Ford Motor Company to pay a fine of $375,703 and update its privacy practices following a settlement for its alleged violations of the California Consumer Privacy Act (CCPA). Under the CCPA, California residents have the right to direct a business to stop selling or sharing
Skullcandy Can’t Transfer its CIPA Case Out of California
A federal court in the Southern District of California declined to dismiss wiretapping and eavesdropping claims tied to Skullcandy Inc.’s alleged use of online trackers on its retail website, allowing the lawsuit to move forward. Plaintiff alleges that Skullcandy used tracking tools from Meta Platforms and Google to collect browser and purchase data. Jones v.
A Compliance Wave Is Coming: Data Brokers Brace for DROP Deletion Requests Under the Delete Act
Data brokers are lining up to comply with California’s one-stop deletion tool requirement under the Delete Act, and the numbers signal a major shift in how privacy rights may be exercised and enforced in California starting this summer.
At its most recent meeting, the California Privacy Protection Agency (CPPA) reported that more than 575 data brokers
Swiped Right, Hacked Hard: Bumble Faces Class Action Over Data Breach
A newly filed putative class action in the Western District of Texas targets Bumble, Inc., over an alleged “massive and preventable” cyberattack in or around January 2026, in which attackers allegedly accessed highly sensitive user data stored in Bumble’s systems. The complaint alleges the compromised information included names, dates of birth, addresses, telephone numbers, Social Security numbers
DJI vs. the FCC: What the “Covered List” Could Mean for Drone Operators and Manufacturers
DJI, the world’s leading manufacturer of civilian drones, has escalated its dispute with the Federal Communications Commission (FCC) by filing an appeal in the Ninth Circuit after the FCC placed many DJI products on its “covered list,” which the FCC uses for telecommunications equipment it deems an unacceptable national security risk. DJI says the decision
Appellate Whiplash in Website Tracking Litigation: VPPA Speeds Ahead While CIPA Still Waits
Website tracking litigation continues to generate high stakes compliance risk, but not all privacy statutes are moving through the courts at the same pace. A notable divergence is emerging between the Video Privacy Protection Act (VPPA) and the California Invasion of Privacy Act (CIPA). Where the first is rapidly heading toward definitive interpretation by the
CCPA Enforcement Goes Cross Device: What Disney’s Settlement Signals for Compliance
The Office of California Attorney General Rob Bonta announced the largest settlement for violations of the California Consumer Privacy Act (CCPA) to date, imposing a $2.75 million civil penalty and injunctive relief focused on how Disney implements consumer opt-outs across its streaming ecosystem. Disney must pay the penalty within 30 days of the judgment’s effective
Tracking After Rejection? ATP Tour Complaint Highlights Risks of Misaligned Cookie Controls
California resident Nathaniel Bee filed a lawsuit this week alleging that the ATP Tour’s website used third-party tracking technology that captured details on how visitors interacted with the site, including what content they viewed; how they navigated the website; and what type of device they used, without user consent in violation of the California Invasion
CIPA Demand Letters Are Here to Stay; Reducing Risk from Chat, Session Replay, and Analytics
Until California’s legislature provides clearer guardrails, companies should expect continued class action activity under the California Invasion of Privacy Act (CIPA), targeting common website tracking technologies. Plaintiffs’ firms are actively testing how far this decades-old statute extends in the modern web environment, and courts have not reached a consensus. That uncertainty creates real litigation risk
New Investigative Sweep Under the CCPA: Individualized Pricing as a Privacy Problem
States are weighing in on whether grocery stores, hotel chains, and retailers should be using personal consumer information such as “browsing history” and “location data” to decide what price you see, when someone else might see something different. Pioneering this inquiry is California, approaching this individualized pricing as a potential privacy problem. At the end