Maryland lawmakers will narrow definitions in a data broker tax proposal so the bill targets hundreds, not thousands, of businesses, Sen. Katie Hester (D) said Wednesday (see 2502250042).

Stick with the New Hampshire privacy law that took effect Jan. 1, industry lobbyists urged during a state House Judiciary Committee hearing Wednesday. The committee heard testimony on HB-195, which sponsor Rep. Bob Lynn (R) described as a supplement to the comprehensive New Hampshire Data Privacy Act (NHDPA). It’s “a very reasonable bill" that had bipartisan support last year, he said.

Recent court rulings in California Invasion of Privacy Act (CIPA) cases may signal that judges are more skeptical about what counts as an actual injury under violations of the statute, said privacy lawyers: That could lead to more decisions in favor of businesses over plaintiffs. However, the lawyers said there's a long way to go before a definitive ruling is made.

Privacy experts said they’re closely watching how a direct relationship is defined in California Privacy Protection Agency draft rules for the Delete Request and Opt-Out Platform (DROP), an upcoming data deletion mechanism required by the California Delete Act. The CPPA last week posted draft rule changes to data broker registration rules (see 2502270066). The board is scheduled to weigh the draft and get a DROP update from staff at its meeting Friday.

Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching on the title or by clicking on the hyperlinked reference number.

The U.S. District Court for Western Washington partially dismissed a class-action complaint Tuesday claiming that a hospital violated the Health Insurance Portability and Accountability Act (HIPAA) and other laws. Plaintiffs alleged that Overlake Hospital Medical Center implemented the Facebook Tracking Pixel and other browser plugins on its website, then disclosed website users' information to third parties, including Facebook and Google, without consent, in violation of HIPAA and the center's privacy policies.

The Consumer Financial Protection Bureau’s proposed data broker rule exceeds the CFPB's authority under the Fair Credit Reporting Act (FCRA), tech and open finance groups told the agency in comments this week (see 2503030069).

A Maryland Democrat and state retailers rallied for a bill that would remove teeth from data minimization rules in the Maryland Online Data Privacy Act (MODPA) during a livestreamed hearing Tuesday. But consumer groups lambasted HB-1365, as they did shortly after it was introduced last month (see 2502100032), arguing that it would gut the privacy law that takes effect Oct. 1.

Washington state bills requiring privacy and AI transparency are apparently dead after missing a Friday cutoff to clear fiscal committees in the legislature. However, child privacy bills in the House and Senate cleared their respective fiscal committees in time.

Senate Republicans expect a straightforward path to confirming FTC nominee Mark Meador, which would allow the commission’s Republican majority to act on two privacy rulemakings.