A California privacy enforcer’s first use of a purpose-limitation requirement under the California Consumer Privacy Act (CCPA) makes this week’s record $1.55 million settlement with Healthline a significant enforcement action for companies in many sectors, privacy experts told Privacy Daily this week. Also significant was the highly technical, in-depth investigation that the office of Attorney General Rob Bonta (D) conducted, they said. Signs point to increased privacy enforcement ahead.
A controversial proposed change to the California Invasion of Privacy Act (CIPA) will be held until next year, said state Sen. Anna Caballero (D) during an Assembly Public Safety Committee hearing Tuesday. The committee advanced Caballero’s SB-690 to the Privacy Committee with the understanding that it will be delayed. A day earlier, the committee staff raised questions about whether SB-690 was designed to protect “mom-and-pop” businesses from frivolous lawsuits.
Healthline must pay California $1.55 million as part of a record proposed settlement under the California Consumer Privacy Act, Attorney General Rob Bonta (D) said Tuesday. It also includes a novel injunctive term prohibiting the company “from sharing article titles that reveal that a consumer may have already been diagnosed with a medical condition,” the attorney general's office said.
In a reversal, the 9th U.S. Circuit Court of Appeals recently decided a privacy case against Bloomingdale's, ruling that the retailer violated the California Invasion of Privacy Act (CIPA) when it tracked an online shopper's movement without consent. The decision indicates the court's favorable sentiment concerning protecting citizens' privacy and a shift in its approach to the wiretapping statute, Loeb & Loeb privacy lawyer Allison Cohen blogged.
Microsoft sought dismissal of a lawsuit alleging it improperly collects ad data in a way that mimics surveillance and can identify individual users. It argued Monday that plaintiffs in case 25-00570 -- individuals who used Microsoft to access various websites -- were attempting to "stretch common-law privacy and wiretap laws beyond their intended scope.”
Understanding “data flows” and “who has access" are the most important steps in making a good-faith effort to comply with the DOJ’s bulk data transfer rule before a three-month grace period ends, said privacy attorney Nancy Libin during a Davis Wright webinar Tuesday. DOJ will begin full enforcement July 8 (see 2504140047).
A court dismissed a class action lawsuit against the NFL that alleged the league violated the Video Privacy Protection Act (VPPA) by employing the Meta-tracking pixel without user notice and consent. Issued Friday, the summary order ruled that an "ordinary person" could not determine a user's Facebook ID through the pixel's transmission.
Cookies and other tracking technologies were considered simple tools to enhance website users' experience but have become "ground zero" in the data-protection consent space, privacy and cybersecurity attorney Scott Loughlin said at a June 12 Hogan Lovells webinar.
U.S. companies can use state privacy laws to better gauge when they’re considered data brokers under DOJ’s data transfer rule, Hunton privacy attorney Michael La Marca said during a Tuesday webinar.
The use of tracking pixels is growing, raising issues about email, French privacy watchdog CNIL said Thursday as it unveiled a consultation on draft recommendations for using pixels. CNIL said it's receiving increasing complaints about pixels and wants to help stakeholders who use such trackers understand their obligations around user-consent collection.