The California Privacy Protection Agency revealed -- and raised the stakes in -- an investigation of Tractor Supply Company, filing a court petition Wednesday that alleges the retailer failed to comply with an investigative subpoena seeking information about its compliance with the California Consumer Privacy Act (CCPA).
Though the White House’s plans to collaborate with tech companies in building a health data-sharing system could ultimately result in a beneficial network, its current lack of clarity and transparency about data protections is concerning, consumer advocates said.
Meta violated the California Invasion of Privacy Act (CIPA) when it intentionally eavesdropped on users of the health app Flo Health and received sensitive data on users' menstrual cycles and reproductive health, said a federal jury decision Friday that was posted Monday. The plaintiffs alleged Flo transmitted their personal information without user consent to the social media platform and other third parties for commercial purposes.
Mississippi's attorney general asked the U.S. Supreme Court Wednesday to let stand a state law that requires parental consent for those younger than 18 to create accounts with certain digital service providers. AG Lynn Fitch (R) argued that the 5th U.S. Circuit Court of Appeals, which on July 17 allowed the previously-enjoined law to go into effect with a stay on a lower court's injunction, had "compelling, independent merits grounds for issuing the stay."
Though several recent enforcement actions have targeted websites, mobile apps are also subject to all privacy laws, a lawyer said Thursday during a webinar by Privado, a privacy vendor. Daniel Goldberg, a Frankfurt Kurnit lawyer, also noted that it's no longer enough for companies to rely on privacy vendors for compliance; they must practice due diligence too.
Exports are a crucial part of the Trump administration's AI Action Plan, whose goal is for the U.S. to win the AI race, said Michael Kratsios, director of the White House Office of Science and Technology Policy, during a Center for Strategic & International Studies (CSIS) event Wednesday. There's also the potential for a revival of the 10-year moratorium on enforcing state AI regulations in the action plan, an official said, though specifics weren't provided.
The California Privacy Protection Agency (CPPA) announced a $55,400 fine Tuesday against Accurate Append for failing to register as a data broker and pay the annual fee required by the state’s Delete Act (see 2507290031). The CPPA's latest fine signals the agency's crackdown on data brokers, said Troutman Amin law clerk Tammana Malik in a blog post. However, a study last month on California data brokers argues they largely ignore regulation.
The Minnesota Consumer Data Privacy Act, which goes into effect this Thursday, gives consumers new rights and requires that businesses follow stricter measures to protect personal data, said Attorney General Keith Ellison (D) and Rep. Steve Elkins (D), who authored the law.
Recent settlements show the vulnerability of companies that hire privacy vendors and think they're in compliance, Frankfurt Kurnit attorneys said during a webinar Thursday. In addition, they noted that states besides California are becoming more active in privacy litigation and enforcement.
The Connecticut attorney general's office is shifting from focusing on transparency and facial requirements to more in-depth work, examining whether organizations' privacy mechanisms are working and in compliance, three assistant attorneys general said during an IAPP KnowledgeNet event Tuesday.