Pleasing businesses, California lawmakers further scaled back a privacy bill requiring support for universal opt-out signals so it now covers only browsers. At a hearing Tuesday, the Senate Judiciary Committee voted 11-0 to advance AB-566 to the Appropriations Committee. In addition, the Judiciary Committee forwarded a bill that would require social media platforms to treat consumers deleting accounts as requests to delete their information under the California Consumer Privacy Act (CCPA). The panel also supported requiring warning labels on social media.

Qualified researchers would gain access to the internal data of companies designated as very large online platforms (VLOPs) and search engines (VLOSEs) under the EU Digital Services Act (DSA). The new access stems from part of a "delegated act," the European Commission announced Wednesday.

Utah should consider amending its comprehensive privacy law, given the underwhelming number of consumer privacy complaints filed in the statute’s first 18 months, said Attorney General Derek Brown (R) and the Utah Division of Consumer Protection in a report obtained Wednesday by Privacy Daily. “Complaints have not been as forthcoming as anticipated,” it said, but “violations are likely occurring.”

Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.

A controversial proposed change to the California Invasion of Privacy Act (CIPA) will be held until next year, said state Sen. Anna Caballero (D) during an Assembly Public Safety Committee hearing Tuesday. The committee advanced Caballero’s SB-690 to the Privacy Committee with the understanding that it will be delayed. A day earlier, the committee staff raised questions about whether SB-690 was designed to protect “mom-and-pop” businesses from frivolous lawsuits.

Effective Tuesday, an amendment to the Colorado Privacy Act (CPA) that enhances protections for biometric identifiers widens the scope of whom the privacy law applies to and forces companies to review their policies, said privacy lawyers. Enacted as HB-1130 in June 2024, the measure compels entities that collect biometric data to meet stringent notice and consent requirements if they use or intend to use it for unique identification (see 2406030010).

A California-led multistate coalition sued the U.S. Department of Health and Human Services (HHS) on Tuesday for providing individuals' health data to the Department of Homeland Security (DHS) and Immigration and Customs Enforcement (ICE).

Legislators in Texas, Maryland and Vermont say they will renew bipartisan efforts to regulate AI at the state level after the U.S. Senate on Tuesday dropped its proposed AI moratorium.

Healthline must pay California $1.55 million as part of a record proposed settlement under the California Consumer Privacy Act, Attorney General Rob Bonta (D) said Tuesday. It also includes a novel injunctive term prohibiting the company “from sharing article titles that reveal that a consumer may have already been diagnosed with a medical condition,” the attorney general's office said.

Data protection authorities (DPAs) are increasingly helping mold AI model training rules that also spur innovation, a Future of Privacy Forum (FPF) panel said at a June 27 webinar focused on developments in Brazil and France.