Enforcement + Litigation

Subscribe to Enforcement + Litigation via RSS

On January 1, 2026, broad new privacy laws will take effect in Kentucky, Indiana, and Rhode Island, granting consumers in those states greater control over their personal data. With these additions, 19 states now have comprehensive privacy laws in place, which is a significant shift in the data privacy landscape since California led the way in 2018 with the

December 2025 saw India’s courts in New Delhi and Mumbai tackle a new breed of lawsuits: leading Indian cinema celebrities fighting back against unauthorized deepfakes and AI-generated impersonations. Nandamuri Taraka Rama Rao (NTR Jr.), R. Madhavan, and Shilpa Shetty—all famous Indian actors—filed and won powerful court orders aimed at blocking the spread of synthetic images

The recent decision in Wiley v. Universal Music Group highlights how courts are scrutinizing website operators’ privacy controls and representations, particularly regarding cookie banners and opt-out tools. 2025 WL 3654085 (N.D. Cal. Dec. 17, 2025). In a recent decision, although Universal Music Group (UMG) dodged most of the putative class claims over its handling of

Overview of Commonwealth v. Kurtz

On December 16, 2025, the Pennsylvania Supreme Court held that individuals do not have a reasonable expectation of privacy in general, unprotected Google search records. Commonwealth v. Kurtz, No. 98 MAP 2023 (Pa. Dec. 16, 2025). In this criminal case, law enforcement obtained a so-called “reverse keyword search warrant” from

Last week, Massachusetts’ Supreme Judicial Court delved into a case with potentially national implications: should Meta platforms face a lawsuit alleging that Instagram’s design illegally hooks kids with addictive features?

The justices appeared divided as they questioned whether Meta’s practices are protected by Section 230 of the Communications Decency Act, the law that shields online

On November 6, 2025, Texas reached a settlement regarding Senate Bill 140 (SB 140), which set forth amendments to the “state’s mini-TCPA” (Chapters 301-305 of the state’s Business and Commerce Code). In a joint motion to dismiss, the state clarified that businesses who only send marketing texts to users who have opted in need not

On December 1, 2025, the Federal Trade Commission (FTC) approved a proposed complaint and order against Illuminate Education, Inc., an education technology provider requiring it to “to implement a data security program and delete unnecessary data to settle allegations that the company’s data security failures led to a major data breach, which allowed hackers to

A recent lawsuit filed in the United States District Court for the Western District of North Carolina is spotlighting risks businesses face when using prerecorded telemarketing messages without proper consent. The case, Toledo v. QuoteWizard.com, LLC, 3:2025CV00949 (W.D.N.C. 11.24.25) alleges that QuoteWizard, an insurance comparison subsidiary of LendingTree, violated the Telephone Consumer Protection Act

Jam City, Inc., a prominent mobile gaming company behind popular franchises such as Harry Potter and Frozen, has agreed to pay $1.4 million in civil penalties to resolve allegations that it violated the California Consumer Privacy Act (CCPA) by failing to provide adequate privacy opt-out mechanisms for its users. This resolution, announced by