Meta violated the California Invasion of Privacy Act (CIPA) when it intentionally eavesdropped on users of the health app Flo Health and received sensitive data on users' menstrual cycles and reproductive health, said a federal jury decision Friday that was posted Monday. The plaintiffs alleged Flo transmitted their personal information without user consent to the social media platform and other third parties for commercial purposes.
Mississippi's attorney general asked the U.S. Supreme Court Wednesday to let stand a state law that requires parental consent for those younger than 18 to create accounts with certain digital service providers. AG Lynn Fitch (R) argued that the 5th U.S. Circuit Court of Appeals, which on July 17 allowed the previously-enjoined law to go into effect with a stay on a lower court's injunction, had "compelling, independent merits grounds for issuing the stay."
Though several recent enforcement actions have targeted websites, mobile apps are also subject to all privacy laws, a lawyer said Thursday during a webinar by Privado, a privacy vendor. Daniel Goldberg, a Frankfurt Kurnit lawyer, also noted that it's no longer enough for companies to rely on privacy vendors for compliance; they must practice due diligence too.
Exports are a crucial part of the Trump administration's AI Action Plan, whose goal is for the U.S. to win the AI race, said Michael Kratsios, director of the White House Office of Science and Technology Policy, during a Center for Strategic & International Studies (CSIS) event Wednesday. There's also the potential for a revival of the 10-year moratorium on enforcing state AI regulations in the action plan, an official said, though specifics weren't provided.
The California Privacy Protection Agency (CPPA) announced a $55,400 fine Tuesday against Accurate Append for failing to register as a data broker and pay the annual fee required by the state’s Delete Act (see 2507290031). The CPPA's latest fine signals the agency's crackdown on data brokers, said Troutman Amin law clerk Tammana Malik in a blog post. However, a study last month on California data brokers argues they largely ignore regulation.
The Minnesota Consumer Data Privacy Act, which goes into effect this Thursday, gives consumers new rights and requires that businesses follow stricter measures to protect personal data, said Attorney General Keith Ellison (D) and Rep. Steve Elkins (D), who authored the law.
Recent settlements show the vulnerability of companies that hire privacy vendors and think they're in compliance, Frankfurt Kurnit attorneys said during a webinar Thursday. In addition, they noted that states besides California are becoming more active in privacy litigation and enforcement.
The Connecticut attorney general's office is shifting from focusing on transparency and facial requirements to more in-depth work, examining whether organizations' privacy mechanisms are working and in compliance, three assistant attorneys general said during an IAPP KnowledgeNet event Tuesday.
Companies operating in Latin America should be aware that data protection authorities (DPAs) there are increasing guidance and enforcement, said panelists during a webinar Tuesday sponsored by TrustArc, a privacy compliance vendor.
Noting the harms social networks pose to children, several California senators supported a bill Wednesday that would add warning labels to the platforms. Though several groups and members of the public supported the legislation, several senators raised concerns that AB-56 would be challenged in court and industry attacked warning labels as an inadequate solution.