A three-judge panel of the 5th U.S. Circuit Court of Appeals denied an en banc rehearing of the rejection of a $57 million FCC fine against AT&T for violating the agency's data protection rules. The panel modified its April opinion slightly, removing language that referred to a 2012 5th Circuit decision in U.S. v. Stevens (see 1208210038).

Department of Government Efficiency (DOGE) activities at the Social Security Administration (SSA) involved data security lapses that risk the exposure of more than 300 million Americans’ social security information, alleged a protected whistleblower Tuesday. SSA denied that its handling of the data put citizens at risk, however.

The Colorado House on Tuesday voted 48-14 to pass legislation delaying implementation of the Colorado AI Act until June 30, 2026 (see 2508250038). The chamber passed SB-4 a day after the Senate, but the measure still needs a signature from Gov. Jared Polis (D). A consumer advocate blamed Polis and Big Tech for the collapse of an earlier deal that labor and civil society groups had struck with some businesses.

Bluesky's decision to block Mississippi IP addresses from its social media platforms highlights the inefficiencies and problems that come with age-verification laws, said consumer privacy and tech industry officials. After the U.S. Supreme Court allowed the state age-verification law to stand last week (see 2508140048), Bluesky announced its response in a statement Friday (see 2508220047).

It’s time to start “operationalizing the laundry list of requirements currently in the Colorado AI Act because it looks like a last-minute reprieve is unlikely,” said Denver-based privacy attorney Josh Hansen of Shook Hardy, as state legislators returned for the fifth day of their special session Monday.

A federal judge ruled Monday that New Jersey’s Daniel’s Law isn't preempted by the National Voter Registration Act (NVRA), refusing to dismiss two voter registration record websites from a consolidated constitutionality case about the statute. However, Judge Harvey Bartle found for the U.S. District Court for New Jersey that the state law is inconsistent with a provision of the Fair Credit Reporting Act (FCRA) and dismissed part of the complaint.

A bevy of entities, including advocacy organizations and media groups like the New York Times, filed amicus briefs earlier this week that blasted California’s Age-Appropriate Design Code (AADC) Act for infringing on privacy and First Amendment rights, with some saying the statute reigns in nearly every form of online content including news sites.

While recent court decisions have added to a circuit split on the Video Privacy Protection Act (VPPA) of 1988 (see 2508190026), some have also introduced notable interpretations of how the statute should apply, privacy lawyers said in interviews with Privacy Daily.

By the second day of a whirlwind special session in Colorado, state legislators had halved the number of proposals to amend the Colorado AI Act to two. On Thursday, House and Senate Business committees approved a variety of amendments to a pair of leading AI proposals before advancing them to each chamber’s Appropriations Committee.

The Information Commissioner's Office (ICO) and data protection attorneys are looking to advise companies on key changes to the U.K.'s privacy landscape as a result of the U.K. Data (Use and Access) Act 2025 (DUAA), in effect as of Wednesday.