Several people spoke out about how the California Privacy Protection Agency's draft rule changes to the data broker registration regime (see 2503050020) will affect small businesses, during the CPPA’s public meeting Friday. Ahead of the meeting, the agency released draft rule changes that support the state’s upcoming data-deletion mechanism (see 2502270066).

The General Data Protection Regulation shouldn't become a tiered, risk-based entity, though the European Commission should have more centralized power to enforce it, Charly Helleputte, Squire Patton Boggs EU data privacy attorney, emailed. His comments responded to Axel Voss' recent tiered GDPR proposal. Voss is a German Member of the European Parliament from the European People's Party Group. He discussed his proposal during a March 3-4 Centre for European Policy Studies Ideas Lab panel.

Lead sponsors of the Kids Online Safety Act (KOSA) haven't had substantive discussions about reintroducing the bill in the House, Rep. Kathy Castor, D-Fla., told us in a recent interview.

Expect the Trump administration’s FTC to take a less aggressive approach to privacy enforcement than the prior administration, a former FTC enforcer said at a BBB National Programs webinar Thursday. Meanwhile, Texas Attorney General Ken Paxton (R) has focused on enforcement claims related to geolocation data, said Tyler Bridegan, who heads that state’s privacy enforcement unit.

Several groups said in amicus briefs they support Snap and Meta in arguing to the California Supreme Court that the social media platforms shouldn't be required to turn over posts and other communications made on the apps as evidence in a California murder case. Doing so would significantly decrease the power of the 1986 Stored Communications Act (SCA), they argued in briefs obtained by Privacy Daily.

State fervor for child online safety bills continued apace this week. Wyoming and Utah approved age-verification measures, while several states advanced bills or introduced them. Kids privacy and online safety have been a major focus for state legislatures this year (see 2502250017 and 2501170053). Accordingly, Privacy Daily is tracking more than 100 of these bills across the country (see map).

Maryland lawmakers will narrow definitions in a data broker tax proposal so the bill targets hundreds, not thousands, of businesses, Sen. Katie Hester (D) said Wednesday (see 2502250042).

Stick with the New Hampshire privacy law that took effect Jan. 1, industry lobbyists urged during a state House Judiciary Committee hearing Wednesday. The committee heard testimony on HB-195, which sponsor Rep. Bob Lynn (R) described as a supplement to the comprehensive New Hampshire Data Privacy Act (NHDPA). It’s “a very reasonable bill" that had bipartisan support last year, he said.

Recent court rulings in California Invasion of Privacy Act (CIPA) cases may signal that judges are more skeptical about what counts as an actual injury under violations of the statute, said privacy lawyers: That could lead to more decisions in favor of businesses over plaintiffs. However, the lawyers said there's a long way to go before a definitive ruling is made.

Privacy experts said they’re closely watching how a direct relationship is defined in California Privacy Protection Agency draft rules for the Delete Request and Opt-Out Platform (DROP), an upcoming data deletion mechanism required by the California Delete Act. The CPPA last week posted draft rule changes to data broker registration rules (see 2502270066). The board is scheduled to weigh the draft and get a DROP update from staff at its meeting Friday.