California Privacy Protection Agency (CalPrivacy) fines for Delete Act violations next fall could rise from tens of thousands of dollars to tens of millions of dollars -- at least -- with no room for negotiation on total penalties, panelists said on a webinar by consumer privacy vendor Reklaim on Wednesday. In addition, many more companies may be considered data brokers covered by the law than realize it now, they said.

Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.

Instacart offers various prices to different customers for the exact same product, according to an independent study by Groundwork Collaborative, Consumer Reports and More Perfect Union. In an email to Privacy Daily, Instacart rejected the study's assertions that it uses personal, demographic and other data to set online prices.

Consumer advocates released a model bill on AI chatbots Tuesday that aims to address growing privacy concerns around the technology. Consumer Federation of America, Electronic Privacy Information Center (EPIC) and Fairplay have already shared the "People-First Chatbot Bill" with lawmakers in several states and plan to talk to more legislators soon, EPIC counsel Kara Williams told Privacy Daily.

New York senators delivered a controversial New York health data privacy bill to Gov. Kathy Hochul (D) on Monday, nearly a year after it quickly passed the legislature back in January (see 2501280023). Transmission of S-929 gives Hochul 10 days to decide its fate, a spokesperson for the governor's office said Tuesday. “The Governor will review the legislation."

Expect the House Commerce Committee to pass kids safety legislation, despite the lack of support from Democrats, Republican sponsors of the bills told us in interviews.

Shadow AI remains a significant challenge for businesses, said panelists during a Practising Law Institute webinar Monday. They discussed an IBM Cost of a Data Breach 2025 report that focused on the problem of employees using AI platforms that aren't sanctioned by the workplace.

The U.S. Supreme Court’s decision to forego reviewing a Video Privacy Protection Act (VPPA) case means questions and conflicting rulings on the statute will remain unsettled, leaving businesses in a lurch, David Krueger, privacy litigator at Benesch, told Privacy Daily Monday.

The U.S. Supreme Court on Monday signaled a willingness to uphold President Donald Trump’s firing of FTC Commissioner Rebecca Kelly Slaughter, a decision that liberal justices said could totally upend existing structures at independent agencies like the FTC and the FCC (see 2511280002).

The modest fine of $56,000 that California Privacy Protection Agency’s (CalPrivacy) assessed against a company recently for failing to register as a data broker (see 2512030029) “may be the last penalty we see of this size,” said Dentons privacy attorney Dalton Cline, who sees several factors increasing monetary burdens on violators in the future.