Data Privacy

Subscribe to Data Privacy via RSS

Video game developer Ubisoft, Inc. came out on top earlier this month in the Northern District of California when a judge dismissed, with prejudice, a class action claiming that the company’s use of third-party website pixels violated privacy laws. The judge concluded that the “issue of consent defeat[ed] all of Plaintiffs’ claims.” Lakes v. Ubisoft

In a big win for businesses, a California federal court just held that a “tester” plaintiff—someone who visits websites to initiate litigation—cannot bring a claim under the California Invasion of Privacy Act (CIPA). Rodriguez v. Autotrader.com, Inc., No. 2:24-cv-08735, 2025 WL 65409 (C.D. Cal. 1.8.25). Tester plaintiffs have started to focus on consumer protection

Yahoo’s ConnectID is a cookieless identity solution that allows advertisers and publishers to personalize, measure, and perform ad campaigns by leveraging first-party data and 1-to-1 consumer relationships. ConnectID uses consumer email addresses (instead of third-party tracking cookies) to produce and monetize consumer data. A lawsuit filed in the U.S. District Court for the Southern District

This week, the California Privacy Protection Agency (CPPA) board held its April meeting to discuss the latest set of proposed regulations, including automated decision-making technology (ADMT) regulations. Instead of finalizing these rules, the board continued its debate and considered further amendments to the draft regulations. Notably, some members proposed changing the definition of ADMT and

HaveIBeenPwned is a website that allows users to check whether their data has been involved in data breaches. The website’s creator, Troy Hunt, was the subject of a phishing attack earlier this week. The attack was unrelated to the HaveIBeenPwned website and compromised Hunt’s personal Mailchimp account.

According to Hunt, he received an email purporting

The California Privacy Protection Agency (CPPA) the agency responsible for implementing and enforcing the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) (collectively the CCPA), protecting consumer privacy, and ensuring compliance with data privacy regulations, has announced an investigate sweep into companies’ collection of sensitive location data. The CPPA has already

The California Privacy Protection Agency (CPPA) and Background Alert, Inc. (a California-based data broker) settled allegations that Background Alert failed to register and pay the annual fee required by the California Delete Act. This settlement is part of the CPPA’s investigative initiative announced back in October 2024.

The Delete Act requires data brokers to register

Beware of demand letters from plaintiffs’ attorneys for allegations of illegal use of pen registers, trap and trace pixels, and search bar pixels—why? This “trap and trace” litigation is a growing trend for plaintiffs’ attorneys because they can leverage existing wiretap laws (particularly in California under the California Invasion of Privacy Act (CIPA)) to argue