Despite a modest fine, a settlement this week between Connecticut and online marketplace TicketNetwork over potential violations of the state's Data Privacy Act (CTDPA) (see 2507080010) includes significant takeaways, privacy professionals said. However, a consumer advocate said the $85,000 penalty -- the first under the CTDPA -- also shows how comprehensive privacy laws based on Connecticut's model don't do enough to protect consumers.
It's not just app stores that must pay attention to a crop of new age-verification laws in Utah, Texas and Louisiana, Orrick attorneys blogged Thursday: It's app developers, too.
Some state lawmakers are looking to pass legislation regulating the data broker industry in the wake of the shooting deaths last month of former Minnesota House Speaker Melissa Hortman (D) and her husband and the attempted killing of John Hoffman (D), a Minnesota senator, and his wife.
The Health Insurance Portability and Accountability Act (HIPAA) hasn’t kept pace with privacy risks associated with wearable devices, Senate Health Committee Chairman Bill Cassidy, R-La., said during a hearing Wednesday. Sen. John Hickenlooper, D-Colo., also addressed the issue, noting state laws like the Colorado Privacy Act impose security requirements on companies selling wearables.
The Free Speech Coalition said it’s weighing legal options as age-verification laws took effect Tuesday in multiple states.
A controversial proposed change to the California Invasion of Privacy Act (CIPA) will be held until next year, said state Sen. Anna Caballero (D) during an Assembly Public Safety Committee hearing Tuesday. The committee advanced Caballero’s SB-690 to the Privacy Committee with the understanding that it will be delayed. A day earlier, the committee staff raised questions about whether SB-690 was designed to protect “mom-and-pop” businesses from frivolous lawsuits.
Effective Tuesday, an amendment to the Colorado Privacy Act (CPA) that enhances protections for biometric identifiers widens the scope of whom the privacy law applies to and forces companies to review their policies, said privacy lawyers. Enacted as HB-1130 in June 2024, the measure compels entities that collect biometric data to meet stringent notice and consent requirements if they use or intend to use it for unique identification (see 2406030010).
NetChoice filed an additional lawsuit against Arkansas late Friday as it attempted to block a pair of measures that would amend the state’s 2023 Social Media Safety Act, which a court ruled unconstitutional in late March following a NetChoice challenge (see 2504010044).
A comprehensive privacy law taking effect Tuesday in Tennessee may appear business-friendly compared with similar measures in other states, but privacy lawyers note that it also contains some of the highest penalties for noncompliance. Companies could avoid a Tennessee crackdown by taking advantage of a novel safe harbor in the law, Mintz’s Cynthia Larose told Privacy Daily.
Maine has joined a growing list of states in which comprehensive privacy bills stalled in 2025. However, Rep. Amy Kuhn (D), the Maine Judiciary Committee’s House chair, told Privacy Daily on Thursday that her LD-1822 will return in 2026.