Businesses should map their automated decision-making technology (ADMT), review and revise privacy policies, plan for cybersecurity audits and review vendor contracts in response to California Privacy Protection Agency rules adopted July 24, some privacy law practices advised in recent client alerts. The rules are expected to be finalized without changes shortly.

The expansion of data broker liability in states like Texas and California has companies considering multistate compliance approaches, privacy attorneys told us in interviews.

Though the White House’s plans to collaborate with tech companies in building a health data-sharing system could ultimately result in a beneficial network, its current lack of clarity and transparency about data protections is concerning, consumer advocates said.

The Senate Privacy Subcommittee is focused on the Judiciary Committee’s jurisdiction over privacy legislation, but expect collaboration with the Senate Commerce Committee, Sen. Marsha Blackburn, R-Tenn., told us Thursday. Other senators offered views on the White House's plans to work with tech companies to build a healthcare data-sharing system (see 2507310067).

Meta violated the California Invasion of Privacy Act (CIPA) when it intentionally eavesdropped on users of the health app Flo Health and received sensitive data on users' menstrual cycles and reproductive health, said a federal jury decision Friday that was posted Monday. The plaintiffs alleged Flo transmitted their personal information without user consent to the social media platform and other third parties for commercial purposes.

The U.S. has set itself on a "fundamentally divergent path" from the EU by focusing on deregulation and national security in the new White House AI Action Plan (see 2507230058), Pinsent Mason AI and intellectual property attorney Cerys Wyn Davies blogged Thursday.

Mississippi's attorney general asked the U.S. Supreme Court Wednesday to let stand a state law that requires parental consent for those younger than 18 to create accounts with certain digital service providers. AG Lynn Fitch (R) argued that the 5th U.S. Circuit Court of Appeals, which on July 17 allowed the previously-enjoined law to go into effect with a stay on a lower court's injunction, had "compelling, independent merits grounds for issuing the stay."

Though several recent enforcement actions have targeted websites, mobile apps are also subject to all privacy laws, a lawyer said Thursday during a webinar by Privado, a privacy vendor. Daniel Goldberg, a Frankfurt Kurnit lawyer, also noted that it's no longer enough for companies to rely on privacy vendors for compliance; they must practice due diligence too.

Minnesota's comprehensive privacy law that took effect Thursday uniquely requires companies to allow consumers to question their automated decisions. The law also includes uncommon requirements about material changes to privacy polices and giving lists of third parties to consumers. While companies will also for the first time face requirements such as having to conduct data inventories and appoint chief privacy officers, many of the law's stipulations are already best practices, privacy lawyers told us.

President Donald Trump’s possible health-tracking system with Big Tech companies should increase the urgency for New York Gov. Kathy Hochul (D) to sign a health data privacy bill that passed the state legislature months ago, Assemblymember Linda Rosenthal (D) said in a Wednesday interview with Privacy Daily: “I will bring it to” the governor's office’s “attention today.”