The Telephone Consumer Protection Act (TCPA) has not been updated in over 30 years. The Federal Communications Commission (FCC) has been asked by Congress to take “decisive action in addressing the escalating issue of fraudulent and scam text messages that target American consumers.” The TCPA restricts the hours in which telemarketers can call, prevents businesses

Following the Sephora and DoorDash enforcement actions, on June 18, 2024, the California Attorney General announced its third California Consumer Privacy Act (CCPA) enforcement action against Tilting Point Media LLC. Tilting Point is a mobile video game developer, including children’s games. The California AG alleged that Tilting Point collected and shared children’s data without parental

Below is an excerpt of a legal update co-authored with Government Enforcement + White Collar Defense Partner David E. Carney.

On June 17, the Department of Justice (DOJ) announced settlements of alleged False Claims Act (FCA) violations associated with cybersecurity requirements in contracts to provide a secure environment for online applications for federal housing

This week Marriott Hotel Services was hit with a class action lawsuit for alleged violations of the Illinois’ Biometrics Information Privacy Act (BIPA). The lawsuit alleges that the hotel violated BIPA by requiring workers to scan their fingerprints as a means to clock in at work without proper notice or consent.

BIPA prohibits businesses from:

Intercontinental Exchange, Inc. (ICE), the owner of the New York Stock Exchange, has agreed to settle with the Securities and Exchange Commission (SEC) for $10 million over allegations that it failed to timely notify the SEC of the cybersecurity incident it experienced in 2021 involving its virtual private network.

The SEC alleged that ICE should

In a significant setback for Elon Musk’s X Corp (formerly Twitter), a U.S. District Judge has dismissed the company’s lawsuit against an Israeli data-scraping firm, Bright Data Ltd. We previously reported on X’s recent spree of lawsuits against data-scraping companies.

The court held X Corp failed to demonstrate that Bright Data violated its user agreement

This week, the Massachusetts Supreme Judicial Court (SJC) reviewed a lower court’s dismissal of gun-related indictments against Richard Dilworth, Jr., related to the state’s refusal to disclose the bitmojis and usernames it used to conduct online surveillance through Snapchat accounts in 2017 and 2018.

Police arrested Dilworth for possession of a loaded revolver after Boston

In the latest surge of lawsuits against retailers for embedding tracking technology into websites, yummy cookie company Crumbl was sued on May 1, 2024, for allegedly embedding web-tracking technology allowing third-party processing company Stripe to obtain, without consumer consent, customers’ names, email and delivery addresses, geographic locations, IP addresses, and payment information when consumers surf

The Federal Trade Commission (FTC) has assumed the authority to enforce unauthorized data disclosures under the Federal Trade Commission Act (FTC Act). During the past three weeks, the FTC has used this authority to go after healthcare companies that disclose their customers’ personal data without permission.

On April 11, the FTC sued Monument, an online

The Federal Communications Commission (FCC) has announced that it has levied almost $200 million in fines against “the nation’s largest wireless carriers for illegally sharing access to customers’ location information without consent and without taking reasonable measures to protect that information against unauthorized disclosure.”

The FCC’s allegations include that the carriers sold access to customers’