Utah should consider amending its comprehensive privacy law, given the underwhelming number of consumer privacy complaints filed in the statute’s first 18 months, said Attorney General Derek Brown (R) and the Utah Division of Consumer Protection in a report obtained Wednesday by Privacy Daily. “Complaints have not been as forthcoming as anticipated,” it said, but “violations are likely occurring.”
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
Healthline must pay California $1.55 million under the largest proposed settlement yet under the California Consumer Privacy Act, Attorney General Rob Bonta (D) said Tuesday. The settlement, which is pending final court approval, also includes a novel injunctive term prohibiting the company “from sharing article titles that reveal that a consumer may have already been diagnosed with a medical condition,” the AG's office said.
Healthline must pay California $1.55 million as part of a record proposed settlement under the California Consumer Privacy Act, Attorney General Rob Bonta (D) said Tuesday. It also includes a novel injunctive term prohibiting the company “from sharing article titles that reveal that a consumer may have already been diagnosed with a medical condition,” the attorney general's office said.
AT&T's proposed $177 million settlement stemming from 2019 and 2024 data breaches shows that multifactor authentication isn't optional, cybersecurity expert Joe Vadakkan wrote last week. In the 2024 incident, hackers penetrated AT&T's Snowflake cloud system using credentials that didn't have MFA and made off with customers' call and text metadata, he said. "Weak credential protections" made the hack possible, he added. "Supply chain vigilance is critical," as the Snowflake breach came via "internal compromises." The settlement received preliminary approval in U.S. District Court earlier this month.
Former Facebook users whose personal data was collected as part of the Cambridge Analytica matter some 10 years ago may now register for restitution under an AU$50 million payment ($33 million based on today's exchange rates) program Meta agreed to with the Australian Office of the Information Commissioner (OAIC), the office announced Thursday.
The 7th U.S. Circuit Court of Appeals could soon issue a ruling on the retroactivity of a 2023 amendment to the Illinois Biometric Information Privacy Act (BIPA), which would provide significant clarity about pending BIPA cases, said blog posts by multiple law firms.
The FTC’s 2024 settlement with NGL Labs and 2023 agreement with Epic Games could serve as a blueprint for federal and state enforcers protecting teens from privacy and design-related harms, former Consumer Protection Bureau Director Samuel Levine told Privacy Daily in an interview Monday.
A federal court on Wednesday declined to block a Tennessee law requiring that social media companies verify the age of account holders and gain parental consent from users younger than 18 before they can open accounts.
The FTC’s unfairness authority can continue to be a useful enforcement tool in holding social media companies liable for harming teens, former FTC Chair Lina Khan wrote in a Stanford Law Review article with former Consumer Protection Bureau Director Samuel Levine and former Chief Technologist Stephanie Nguyen.