The California Privacy Protection Agency (CPPA) announced a $55,400 fine Tuesday against Accurate Append for failing to register as a data broker and pay the annual fee required by the state’s Delete Act (see 2507290031). The CPPA's latest fine signals the agency's crackdown on data brokers, said Troutman Amin law clerk Tammana Malik in a blog post. However, a study last month on California data brokers argues they largely ignore regulation.

Companies are considering relocating business operations from China and cutting off certain data flows in a conservative approach to complying with DOJ’s data transfer rule, privacy attorneys told us in interviews.

The Minnesota Consumer Data Privacy Act, which goes into effect this Thursday, gives consumers new rights and requires that businesses follow stricter measures to protect personal data, said Attorney General Keith Ellison (D) and Rep. Steve Elkins (D), who authored the law.

A coalition of 20 states and the District of Columbia filed a lawsuit Monday against the U.S. Department of Agriculture (USDA) over what they claim are unlawful attempts to collect the personal data of millions of Supplemental Nutrition Assistance Program (SNAP) recipients from the states. Led by the attorneys general of California and New York, the suit -- filed in the U.S. District Court for Northern California -- argues the federal demand for state data violates the U.S. Constitution and multiple federal privacy laws.

Wisconsin Rep. Shannon Zimmerman (R) aims to fast-track comprehensive privacy legislation when state legislators return from summer recess, he said in an interview last week with Privacy Daily. The lawmaker is hopeful that he will find bipartisan support and that the bill will pass in 2025 after it hit roadblocks in prior legislative sessions, he said.

Businesses should start thinking now about complying with new data-protection regulations approved Thursday by the California Privacy Protection Agency (CPPA), privacy attorneys said immediately afterward in blogs and LinkedIn posts. While consumer privacy advocates slammed the rules as weak, one acknowledged they still give California a lead over other U.S. states.

The California Privacy Protection Agency will soon take 15 days of comments on revised draft rules for implementing a data-deletion mechanism under the California Delete Act, the five-person CPPA board decided unanimously during a partially virtual meeting Thursday. The agency expects to extensively test the system to work out any kinks before data brokers start accessing it in August 2026, said General Counsel Philip Laird.

The Senate should revisit legislation to protect consumers’ health data privacy outside the scope of the Health Insurance Portability and Accountability Act (HIPAA), Sens. Bill Cassidy, R-La., and Jacky Rosen, D-Nev., told us in recent interviews (see 2507090048).

Recent settlements show the vulnerability of companies that hire privacy vendors and think they're in compliance, Frankfurt Kurnit attorneys said during a webinar Thursday. In addition, they noted that states besides California are becoming more active in privacy litigation and enforcement.

The California Privacy Protection Agency approved rules on automated decision-making technology (ADMT) and other subjects at a partially virtual meeting Thursday. CPPA Board members voted 5-0 to clear the rulemaking package, which also covers risk assessments, cybersecurity audits, insurance and updates to California Consumer Privacy Act (CCPA) regulations.