If you’ve ever browsed Etsy looking for a handmade candle or a quirky T-shirt, you might have unknowingly shared more than just your shopping preferences. A new lawsuit filed last week in California claims that Etsy has been quietly allowing third-party companies like Google, Meta, and Microsoft to collect personal data from users through website
Data Privacy
Supreme Court Upholds Texas Age-Verification Law, Raising LGBTQ+ Privacy Concerns
This post was authored by William Ollayos, Summer Associate. William is not admitted to practice law.
On June 27, 2025, the U.S. Supreme Court upheld a Texas law requiring pornography websites to verify users’ ages through government-issued ID. The 6–3 decision in Free Speech Coalition v. Paxton marks a significant shift in First Amendment jurisprudence…
Federal Court Sinks CIPA Wiretap Lawsuit Against Royal Caribbean Over TikTok Tracking Tool
In a significant win for Royal Caribbean Cruises, a federal judge dismissed a lawsuit that alleged the cruise line’s website violated a California privacy law by using a TikTok tracking tool. The case, Kishnani v. Royal Caribbean Cruises, challenged the cruise operator’s use of the tool under the California Invasion of Privacy Act (CIPA)…
California’s SB 690: A Game-Changer for Website Privacy Lawsuits Pushes Forward
On June 3, 2025, the California Senate unanimously passed Senate Bill 690 (SB 690) in a 35-0 vote, a strong show of support for reining in a flood of lawsuits that have taken many companies by surprise over the last few years. The bill now heads to the California Assembly, where it will face further…
Is Your Website a Legal Target? Why Chatbots, Cookies + AdTech Are Drawing Lawsuits Under an Old California Law
It’s 2025, and somehow, we’re still dealing with lawsuits over a law that was born in the pen registers and rotary phones era. That law, the California Invasion of Privacy Act (CIPA), a decades-old statute that’s suddenly found new life in the digital age, could put your company in legal crosshairs based on its website…
Janie & Jack’s Alleged CIPA Violations Consolidated, Thus Avoiding Over 2,000 Individual Arbitration Claims
This post was co-authored by Summer Legal Intern Mark Abou Naoum. Mark is not admitted to practice law.
This week, the U.S. District Court for the Northern District of California ruled in favor of children’s clothing retailer Janie & Jack, which sought to enjoin over 2,400 individual arbitration claims resulting from alleged violations of the…
State Data Minimization Laws Spark Compliance Uncertainty
A new wave of state consumer privacy laws focused on limiting data collection is creating anxiety among businesses—and Maryland is leading the charge. The Maryland Online Data Privacy Act (MODPA), set to take effect in October 2025, requires companies to collect only data that is “reasonably necessary and proportionate” to their stated purposes. However, with…
Data Breach Lawsuits Surge Against Chord Specialty Dental Partners
Pennsylvania-based Chord Specialty Dental Partners is under fire after a September 2024 data breach compromised the personal information of over 173,000 individuals. At least seven proposed class action lawsuits have been filed in federal courts in Tennessee and Pennsylvania, alleging the company failed to secure and protect patient data properly.
The lawsuits claim Chord Dental…
Florida Data Broker Fined $46,000 by California Privacy Watchdog
In yet another reminder that California takes data privacy seriously, this month, the California Privacy Protection Agency (CPPA) fined Florida-based data broker Jerico Pictures, Inc. (d/b/a National Public Data) $46,000 for failing to register under the state’s Delete Act.
The fine is the maximum allowed by law and was imposed after the company failed to…
California Privacy Protection Agency Releases Updated Regulations: What’s Next?
This month, the California Privacy Protection Agency (CPPA) Board discussed updates to the California Consumer Privacy Act (CCPA) draft regulations related to cybersecurity audits, risk assessments, automatic decision-making technology (ADMT), and insurance.
The CPPA received comments on the first draft of the regulations between November 22, 2024, and February 19, 2025, and the feedback was…