A California privacy enforcer’s first use of a purpose-limitation requirement under the California Consumer Privacy Act (CCPA) makes this week’s record $1.55 million settlement with Healthline a significant enforcement action for companies in many sectors, privacy experts told Privacy Daily this week. Also significant was the highly technical, in-depth investigation that the office of Attorney General Rob Bonta (D) conducted, they said. Signs point to increased privacy enforcement ahead.
Healthline called a $1.55 million settlement with California "amicable" after an enforcement action alleged that the company committed a series of privacy violations (see 2507010074).
Utah should consider amending its comprehensive privacy law, given the underwhelming number of consumer privacy complaints filed in the statute’s first 18 months, said Attorney General Derek Brown (R) and the Utah Division of Consumer Protection in a report obtained Wednesday by Privacy Daily. “Complaints have not been as forthcoming as anticipated,” it said, but “violations are likely occurring.”
A bipartisan group of eleven states, led by New Hampshire and Vermont, filed an amicus brief Monday in support of California's litigation against Meta in an online safety case concerning addicting children. The brief highlights other state litigation that has found the Communications Decency Act (CDA) doesn't immunize the social media platform against claims that it employs coercive design features that addict minors. The Electronic Privacy Information Center (EPIC) also filed a brief Monday supporting California.
The Free Speech Coalition said it’s weighing legal options as age-verification laws took effect Tuesday in multiple states.
A controversial proposed change to the California Invasion of Privacy Act (CIPA) will be held until next year, said state Sen. Anna Caballero (D) during an Assembly Public Safety Committee hearing Tuesday. The committee advanced Caballero’s SB-690 to the Privacy Committee with the understanding that it will be delayed. A day earlier, the committee staff raised questions about whether SB-690 was designed to protect “mom-and-pop” businesses from frivolous lawsuits.
Effective Tuesday, an amendment to the Colorado Privacy Act (CPA) that enhances protections for biometric identifiers widens the scope of whom the privacy law applies to and forces companies to review their policies, said privacy lawyers. Enacted as HB-1130 in June 2024, the measure compels entities that collect biometric data to meet stringent notice and consent requirements if they use or intend to use it for unique identification (see 2406030010).
Healthline must pay California $1.55 million as part of a record proposed settlement under the California Consumer Privacy Act, Attorney General Rob Bonta (D) said Tuesday. It also includes a novel injunctive term prohibiting the company “from sharing article titles that reveal that a consumer may have already been diagnosed with a medical condition,” the attorney general's office said.
NetChoice filed an additional lawsuit against Arkansas late Friday as it attempted to block a pair of measures that would amend the state’s 2023 Social Media Safety Act, which a court ruled unconstitutional in late March following a NetChoice challenge (see 2504010044).
In a 6-3 decision, the U.S. Supreme Court on Friday upheld a Texas law requiring age verification for access to porn sites. The ruling sided with Attorney General Ken Paxton (R) in support of the state's HB-1181, which the Free Speech Coalition, an adult industry trade association, challenged in a 2023 lawsuit, saying it violated the First Amendment (see 2409170012).