Enforcement + Litigation

Subscribe to Enforcement + Litigation via RSS

The Attorneys General of California, Connecticut, and Colorado, along with the California Privacy Protection Agency (“the Coalition”) announced on September 9, 2025, that they are banding together as a coalition on an investigative sweep of “potential noncompliance” with Global Privacy Control (GPC), that provides businesses with “an easy-to-use browser setting or extension that automatically signals

In August, the Office for Civil Rights (OCR) published guidance relating to individuals’ rights to access their protected health information (PHI) under HIPAA. As we covered in our earlier blog post about the August guidance, the new FAQs came amidst OCR’s continued enforcement focus on its Right of Access initiative, under which the OCR has

Disney has agreed to pay $10 million and change how it labels children’s videos on YouTube to settle claims by the Federal Trade Commission (FTC) that the company violated federal children’s privacy laws.

The settlement resolves allegations that Disney subsidiaries Disney Worldwide Services Inc. and Disney Entertainment Operations LLC failed to properly flag some of

On July 29, 2025, the Consumer Financial Protection Bureau (CFPB) stated in a legal briefing that it has decided to reconsider an agency rule “with a view to substantially revis[e] it and provid[e] a robust justification.” The federal district court hearing the case granted the motion, thus pausing the lawsuit for now.

The rule at

Following in the footsteps of almost two dozen attorneys general in other states, Kentucky Attorney General Russell Coleman filed a lawsuit on July 17, 2025, against Chinese online shopping platform Temu, alleging that it unlawfully collects Kentuckians’ data, violating their privacy, and counterfeiting “some of Kentucky’s most iconic brands.”

The complaint alleges that Temu:

On June 30, 2025, Block, Inc.—an electronic financial services company that operates Cash App—entered into a proposed settlement with customers regarding unsolicited text messages from the company. The dispute stemmed from a marketing campaign that allowed Cash App users to refer their contacts to use the application.

Cash App allowed users to click an “Invite

On July 1, 2025, California Attorney General Rob Bonta announced a settlement with Healthline Media LLC stemming from alleged violations of the state’s consumer privacy law, the California Consumer Privacy Act (CCPA). According to the complaint, Healthline’s privacy practices failed to comply with several core CCPA requirements.

Opt-Out Mechanisms

Under the CCPA, California residents have

On June 16, 2025, the Federal Trade Commission (FTC) issued FAQs that directly affect many automobile dealers, clarifying how its Safeguards Rule (the Rule), part of the FTC’s implementation of the Gramm-Leach-Bliley Act (GLBA), applies to the automotive sector. The Rule requires non-banking financial institutions to implement measures to protect customer information—and the FTC is

On June 13, 2025, a federal court in the Northern District of California held that a putative Video Privacy Protection Act (VPPA) class action lawsuit belonged in arbitration, thanks to the defendant company’s arbitration clause.

If you’ve been following our blog, you’ve seen the rise in VPPA class action litigation against companies that provide video