Expect the Trump administration’s FTC to take a less aggressive approach to privacy enforcement than the prior administration, a former FTC enforcer said at a BBB National Programs webinar Thursday. Meanwhile, Texas Attorney General Ken Paxton (R) has focused on enforcement claims related to geolocation data, said Tyler Bridegan, who heads that state’s privacy enforcement unit.

Several groups said in amicus briefs they support Snap and Meta in arguing to the California Supreme Court that the social media platforms shouldn't be required to turn over posts and other communications made on the apps as evidence in a California murder case. Doing so would significantly decrease the power of the 1986 Stored Communications Act (SCA), they argued in briefs obtained by Privacy Daily.

State fervor for child online safety bills continued apace this week. Wyoming and Utah approved age-verification measures, while several states advanced bills or introduced them. Kids privacy and online safety have been a major focus for state legislatures this year (see 2502250017 and 2501170053). Accordingly, Privacy Daily is tracking more than 100 of these bills across the country (see map).

Maryland lawmakers will narrow definitions in a data broker tax proposal so the bill targets hundreds, not thousands, of businesses, Sen. Katie Hester (D) said Wednesday (see 2502250042).

Stick with the New Hampshire privacy law that took effect Jan. 1, industry lobbyists urged during a state House Judiciary Committee hearing Wednesday. The committee heard testimony on HB-195, which sponsor Rep. Bob Lynn (R) described as a supplement to the comprehensive New Hampshire Data Privacy Act (NHDPA). It’s “a very reasonable bill" that had bipartisan support last year, he said.

Recent court rulings in California Invasion of Privacy Act (CIPA) cases may signal that judges are more skeptical about what counts as an actual injury under violations of the statute, said privacy lawyers: That could lead to more decisions in favor of businesses over plaintiffs. However, the lawyers said there's a long way to go before a definitive ruling is made.

Privacy experts said they’re closely watching how a direct relationship is defined in California Privacy Protection Agency draft rules for the Delete Request and Opt-Out Platform (DROP), an upcoming data deletion mechanism required by the California Delete Act. The CPPA last week posted draft rule changes to data broker registration rules (see 2502270066). The board is scheduled to weigh the draft and get a DROP update from staff at its meeting Friday.

Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching on the title or by clicking on the hyperlinked reference number.

The U.S. District Court for Western Washington partially dismissed a class-action complaint Tuesday claiming that a hospital violated the Health Insurance Portability and Accountability Act (HIPAA) and other laws. Plaintiffs alleged that Overlake Hospital Medical Center implemented the Facebook Tracking Pixel and other browser plugins on its website, then disclosed website users' information to third parties, including Facebook and Google, without consent, in violation of HIPAA and the center's privacy policies.

The Consumer Financial Protection Bureau’s proposed data broker rule exceeds the CFPB's authority under the Fair Credit Reporting Act (FCRA), tech and open finance groups told the agency in comments this week (see 2503030069).