Data Privacy

Subscribe to Data Privacy via RSS

If you’ve ever browsed Etsy looking for a handmade candle or a quirky T-shirt, you might have unknowingly shared more than just your shopping preferences. A new lawsuit filed last week in California claims that Etsy has been quietly allowing third-party companies like Google, Meta, and Microsoft to collect personal data from users through website

This post was authored by William Ollayos, Summer Associate. William is not admitted to practice law.

On June 27, 2025, the U.S. Supreme Court upheld a Texas law requiring pornography websites to verify users’ ages through government-issued ID. The 6–3 decision in Free Speech Coalition v. Paxton marks a significant shift in First Amendment jurisprudence

It’s 2025, and somehow, we’re still dealing with lawsuits over a law that was born in the pen registers and rotary phones era. That law, the California Invasion of Privacy Act (CIPA), a decades-old statute that’s suddenly found new life in the digital age, could put your company in legal crosshairs based on its website

This post was co-authored by Summer Legal Intern Mark Abou Naoum. Mark is not admitted to practice law.

This week, the U.S. District Court for the Northern District of California ruled in favor of children’s clothing retailer Janie & Jack, which sought to enjoin over 2,400 individual arbitration claims resulting from alleged violations of the

A new wave of state consumer privacy laws focused on limiting data collection is creating anxiety among businesses—and Maryland is leading the charge. The Maryland Online Data Privacy Act (MODPA), set to take effect in October 2025, requires companies to collect only data that is “reasonably necessary and proportionate” to their stated purposes. However, with

Pennsylvania-based Chord Specialty Dental Partners is under fire after a September 2024 data breach compromised the personal information of over 173,000 individuals. At least seven proposed class action lawsuits have been filed in federal courts in Tennessee and Pennsylvania, alleging the company failed to secure and protect patient data properly.

The lawsuits claim Chord Dental

In yet another reminder that California takes data privacy seriously, this month, the California Privacy Protection Agency (CPPA) fined Florida-based data broker Jerico Pictures, Inc. (d/b/a National Public Data) $46,000 for failing to register under the state’s Delete Act.

The fine is the maximum allowed by law and was imposed after the company failed to

This month, the California Privacy Protection Agency (CPPA) Board discussed updates to the California Consumer Privacy Act (CCPA) draft regulations related to cybersecurity audits, risk assessments, automatic decision-making technology (ADMT), and insurance.

The CPPA received comments on the first draft of the regulations between November 22, 2024, and February 19, 2025, and the feedback was