Data Privacy

Subscribe to Data Privacy via RSS

A recent ruling from the U.S. District Court for the Northern District of California underscores the limits of state privacy statutes, particularly when plaintiffs reside outside the state and the alleged misconduct lacks a clear connection to California. The decision by Judge Jacqueline Scott Corley dismissed a proposed class action against California-based analytics company Samba

A recent federal class action lawsuit challenging Home Depot Inc.’s use of facial scanning technology at self-checkout kiosks has come to a sudden halt. The plaintiff, Benjamin Jankowski, voluntarily dropped the case, with the U.S. District Court for the Northern District of Illinois granting dismissal without prejudice. Jankowski v. The Home Depot, No. 1:25-cv-09144

A recent federal court decision highlights the power of online terms and conditions, and how “choice-of-law” clauses can dramatically influence privacy litigation. In Crowell v. Audible, a Seattle judge dismissed a proposed class action alleging that Audible unlawfully shared its California customers’ browsing and listening data with Meta, finding that the case must proceed

Mergers and acquisitions (M&A) can be transformative, but hidden compliance risks—especially regarding privacy and data protection—often lurk beneath the surface, especially regarding privacy and data protection. In California, strict laws like the California Consumer Privacy Act (CCPA) and the California Invasion of Privacy Act (CIPA) are being aggressively enforced through litigation. Plaintiffs’ firms are increasingly targeting companies whose websites

California continues to lead the way in digital privacy. Its latest step is AB 566, the California Opt Me Out Act. This new law amends the already robust California Consumer Privacy Act (CCPA) and specifically targets how internet browsers empower users to control their personal information.

AB 566 requires that all consumer web browsers (i.e., Chrome, Firefox, Safari

Lawsuits are rapidly multiplying against website operators over how user information is collected and shared. Plaintiffs are increasingly creative in asserting that website tracking tools, especially those tied to search bars, violate wiretap and related electronic communications laws. One emerging legal theory invokes “trap and trace” provisions, meant for surveillance devices, to challenge the capture

The Attorneys General of California, Connecticut, and Colorado, along with the California Privacy Protection Agency (“the Coalition”) announced on September 9, 2025, that they are banding together as a coalition on an investigative sweep of “potential noncompliance” with Global Privacy Control (GPC), that provides businesses with “an easy-to-use browser setting or extension that automatically signals

A California federal court has refused to dismiss a class action lawsuit alleging that Condé Nast unlawfully installed online trackers on its websites, signaling yet another instance of courts applying a decades-old privacy statute to modern data collection practices.

The lawsuit alleges that when the plaintiff visited Condé Nast-owned publications’ websites such as The New

In recent years, private plaintiffs have leveraged the California Invasion of Privacy Act (CIPA) against companies over customer service call recordings, transcription services, and website monitoring. These lawsuits allege that businesses violate CIPA by disclosing or allowing third parties to monitor private communications. Even though many cases are dismissed or settled before trial, defending a