There has been a quiet shift recently where state privacy enforcement is often aided behind the scenes by private law firms, according to a Tuesday blog post from Frankfurt Kurnit attorneys. These firms typically develop the case and can even appear in the final complaint filed in court, lawyers Daniel Golberg and Holly Melton wrote.
Biometric Privacy
Biometric privacy laws regulate how companies handle sensitive personal identifiers like facial scans, fingerprints and voiceprints. In the U.S., Illinois’ BIPA has led to landmark litigation and multimillion-dollar settlements, setting a precedent for consent, data retention and security standards. Other states and countries are following suit with their own biometric requirements. This page covers key lawsuits, regulatory action and compliance best practices in the biometrics space.
The Office of the Australian Information Commissioner will focus on sectors and technologies that compromise rights and create power and information imbalances, Information Commissioner Elizabeth Tydd said Tuesday as the OAIC released its 2025-2026 agenda.
The California Privacy Protection Agency (CPPA) announced a $55,400 fine Tuesday against Accurate Append for failing to register as a data broker and pay the annual fee required by the state’s Delete Act (see 2507290031). The CPPA's latest fine signals the agency's crackdown on data brokers, said Troutman Amin law clerk Tammana Malik in a blog post. However, a study last month on California data brokers argues they largely ignore regulation.
The Minnesota Consumer Data Privacy Act, which goes into effect this Thursday, gives consumers new rights and requires that businesses follow stricter measures to protect personal data, said Attorney General Keith Ellison (D) and Rep. Steve Elkins (D), who authored the law.
The Connecticut attorney general's office is shifting from focusing on transparency and facial requirements to more in-depth work, examining whether organizations' privacy mechanisms are working and in compliance, three assistant attorneys general said during an IAPP KnowledgeNet event Tuesday.
A Massachusetts bill that would protect sensitive information in data breaches cleared the Joint Committee on Advanced IT, the Internet and Cybersecurity on Monday. The panel referred H-93 to the House Ways and Means Committee.
Companies operating in Latin America should be aware that data protection authorities (DPAs) there are increasing guidance and enforcement, said panelists during a webinar Tuesday sponsored by TrustArc, a privacy compliance vendor.
A Texas-based firm that conducts drug and alcohol testing suffered a data breach last year that exposed the personal information of almost 750,000 individuals, a law firm said Monday. Multiple states also recently reported the breach of Alcohol and Drug Testing Service (TADTS). The company may have violated state and federal laws by disclosing the breach well after it occurred.
Using AI to recognize emotions is "dubious and risky," the Dutch Data Protection Authority (AP) said Tuesday.
AI and data breaches were among top issues last year for Italian data protection authority Garante, it said Tuesday in an annual report.