Eight state regulators on Wednesday announced a collaborative, bipartisan effort on implementation and enforcement of their respective privacy laws.

The California Privacy Protection Agency understands that “hearing from a regulator -- and then disclosing information to a regulator -- can bring anxiety,” the CPPA said this week in a blog post about what companies should expect when the Enforcement Bureau contacts them. “The best approach is to own the facts, build credibility, and work constructively with us.”

Indiana Attorney General Todd Rokita (R) sued General Motors (GM) and its subsidiary OnStar for collecting and selling Indiana drivers’ personal data to third parties without their consent, including insurance companies, violating the company's own Consumer Privacy Protection Principles as well as the state consumer protection laws, Rokita announced Thursday.

New York Attorney General Letitia James (D) on Thursday announced a $975,000 settlement with Root, an auto insurance company she accused of failing to protect the personal data of 45,000 consumers.

The California Privacy Protection Agency’s Honda enforcement order “signals an intent to hold businesses accountable for their data subject request processes,” Polsinelli attorneys blogged Monday. Honda agreed to pay $632,500 and change various privacy practices as part of a settlement with the CPPA, which was unveiled last week (see 2503120037).

California Privacy Protection Agency allegations against Honda “are not specific to the automotive industry, and instead should be viewed as instructive for any business subject to California’s broad and prescriptive CCPA and implementing regulations,” Wiley privacy attorneys blogged Friday.

Texas privacy enforcement is heating up this year, said Morrison Foerster lawyers in a blog post Tuesday. AG Ken Paxton (R) “is intensifying efforts to enforce state privacy laws, indicating increased scrutiny for companies,” they said.

Two law firms alerted clients to increased data broker oversight by California in blog posts last week.

DOJ and a bipartisan group of 38 states submitted a final proposal Friday about ending Google’s search engine monopoly, including data rights and privacy safeguards.

Oregon's privacy unit received more than 100 consumer privacy complaints in the six months after the Oregon Consumer Privacy Act (OCPA) took effect, “showing that Oregonians care about their privacy rights, and that they are engaged with the process,” Attorney General Dan Rayfield (D) said in a report released Friday. The unit began and closed 21 OCPA violations through cure notices between July 1, 2024, and Jan. 1, 2025, it said.