Data privacy attorneys from Wiley on Monday offered a rundown on the process for responding to an FTC inquiry.
Meta violated the California Invasion of Privacy Act (CIPA) when it intentionally eavesdropped on users of the health app Flo Health and received sensitive data on users' menstrual cycles and reproductive health, said a federal jury decision Friday that was posted Monday. The plaintiffs alleged Flo transmitted their personal information without user consent to the social media platform and other third parties for commercial purposes.
Health app Flo Health reached a settlement Thursday in a case involving allegations that sensitive health information was shared with third parties without user consent. Earlier in July, Google, also a defendant in case 21-00757, said it reached a settlement with the plaintiffs (see 2507090063). No details were released in either settlement.
It’s important for organizations to “actively stay up to date” on DOJ’s sensitive data rule even though enforcement began on July 9, blogged Constangy Brooks lawyers on Thursday.
So far in 2025, state lawmakers and regulators have focused on data related to health, children, geolocation and biometrics, said Sidley privacy attorneys Colleen Theresa Brown, Sheri Porath Rockwell and Sasha Hondagneu-Messner in a blog post Thursday.
With federal agencies deemphasizing rulemaking and enforcement, “states are advancing more prescriptive cybersecurity standards for financial institutions, including many that align with the approach and standards set by the New York Department of Financial Services (NYDFS),” the Cooley law firm blogged Wednesday.
Though several recent enforcement actions have targeted websites, mobile apps are also subject to all privacy laws, a lawyer said Thursday during a webinar by Privado, a privacy vendor. Daniel Goldberg, a Frankfurt Kurnit lawyer, also noted that it's no longer enough for companies to rely on privacy vendors for compliance; they must practice due diligence too.
There has been a quiet shift recently where state privacy enforcement is often aided behind the scenes by private law firms, according to a Tuesday blog post from Frankfurt Kurnit attorneys. These firms typically develop the case and can even appear in the final complaint filed in court, lawyers Daniel Golberg and Holly Melton wrote.
States should amend comprehensive privacy laws to remove loopholes for consumer reporting agencies (CRAs), the Electronic Privacy Information Center (EPIC) said in a white paper released Tuesday.
Age-verification vendors weren't "surprised" by attempts to circumvent proof-of-age mechanisms once the U.K. Online Safety Act (OSA) rules took effect Friday, Age Verification Providers Association Executive Director Iain Corby told us Tuesday.