Data Privacy

Subscribe to Data Privacy via RSS

Data brokers are lining up to comply with California’s one-stop deletion tool requirement under the Delete Act, and the numbers signal a major shift in how privacy rights may be exercised and enforced in California starting this summer.

At its most recent meeting, the California Privacy Protection Agency (CPPA) reported that more than 575 data brokers

The Office of California Attorney General Rob Bonta announced the largest settlement for violations of the California Consumer Privacy Act (CCPA) to date, imposing a $2.75 million civil penalty and injunctive relief focused on how Disney implements consumer opt-outs across its streaming ecosystem. Disney must pay the penalty within 30 days of the judgment’s effective

Until California’s legislature provides clearer guardrails, companies should expect continued class action activity under the California Invasion of Privacy Act (CIPA), targeting common website tracking technologies. Plaintiffs’ firms are actively testing how far this decades-old statute extends in the modern web environment, and courts have not reached a consensus. That uncertainty creates real litigation risk

States are weighing in on whether grocery stores, hotel chains, and retailers should be using personal consumer information such as “browsing history” and “location data” to decide what price you see, when someone else might see something different. Pioneering this inquiry is California, approaching this individualized pricing as a potential privacy problem. At the end

Florida website tracking litigation is gaining momentum this year, with plaintiffs increasingly invoking the Florida Security of Communications Act (FSCA) to challenge common website analytics and advertising tools, especially where those tools allegedly capture and share sensitive user communications. The FSCA is an old state wiretap statute now aimed at modern website tracking. The FSCA

Businesses that run consumer-facing websites have spent the past several years contending with a steady stream of California Invasion of Privacy Act (CIPA) demands and class actions aimed at everyday digital tools such as cookies, pixels, and analytics scripts. A recent decision from the Southern District of California, Camplisson v. Adidas Am., Inc., 2025

This week, the U.S. Supreme Court granted certiorari in Salazar v. Paramount Global, No. 25-459 (cert. granted Jan. 26, 2026), to resolve a circuit split over the scope of the federal Video Privacy Protection Act (VPPA). Enacted in 1988, the VPPA has helped fuel a wave of class actions in recent years, especially

California’s 2025 legislative session ended with a familiar message to businesses: privacy compliance is expanding in scope, and artificial intelligence (AI) governance is moving quickly from voluntary best practices to enforceable transparency and safety obligations. On the last day of 2025, lawmakers introduced 33 privacy and AI bills and passed 16 for Governor Gavin Newsom

Happy New Year! 2025 was a busy year for the Insider authors—we published 271 posts throughout 2025. To kick-off 2026, in case you missed them last year, we are providing the articles from 2025 that were the most interesting to our readers across various categories.

We hope you enjoy them and look forward to another