For the second time in a week, California privacy regulators announced a significant fine against a business for failing to satisfy California Consumer Privacy Act’s (CCPA) “clear and conspicuous” opt-out requirements. The...more
The recently filed complaint in a California district court by Epic Systems and several large health systems against Health Gorilla and other entities places healthcare interoperability at the center of a broader debate about...more
Here are curated AG and federal regulatory news stories highlighting key areas in which state and federal regulators’ decisions are having an impact across the US: • Runoffs Set for Both Parties in Texas AG Primaries - •...more
California employers can now get a first look at the state’s key workplace-related legislative proposals in 2026. The state’s deadline for introducing new legislation in the current session was February 20, and lawmakers...more
The California Privacy Protection Agency has issued two new enforcement decisions that underscore its expanding focus on data broker accountability under the Delete Act. In actions announced on January 8, 2026, CalPrivacy...more
On January 14, 2026, the Federal Trade Commission finalized a sweeping order against General Motors LLC, General Motors Holdings LLC, and OnStar LLC. The order resolves allegations that the companies collected, retained, and...more
Recent developments under California’s data broker law, the Delete Act, signal intensified focus by the California Privacy Protection Agency (“CalPrivacy”) on businesses that sell personal information. In particular,...more
As privacy regulations continue to evolve in the U.S., states are increasingly requiring businesses to honor universal opt-out signals that communicate a consumer’s data-sharing preferences. Global Privacy Control (GPC) is a...more
November 2025: A flurry of activity from the states, from privacy cases in Arizona and California to a multistate coalition investigating BNPL providers just as the holiday shopping season gets underway...more
West Virginia AG J.B. McCuskey, assisted by private outside counsel, filed a federal lawsuit against Optum Inc., United Healthcare’s pharmacy benefit manager, and several affiliated entities, alleging that Optum exacerbated...more
Good Sunday evening from Seattle . . . Our weekly Online Travel Update for the week ending Friday, December 5, 2025, is below. With last week’s Thanksgiving holiday break, our list of stories this week is longer than usual....more
A mobile gaming company just agreed to pay $1.4 million and implement corrective measures to resolve allegations that it violated the California Consumer Privacy Act (CCPA), another reminder that mobile apps and digital...more
The Sunshine State has officially stepped into the privacy-enforcement arena. On October 13, 2025, Florida Attorney General James Uthmeier announced that the Office of Parental Rights filed a civil enforcement action against...more
California’s Attorney General has been taking swift action against businesses that make it difficult for consumers to opt-out of data collection practices. In a lawsuit filed last week, the AG claimed that streaming service...more
State laws like Washington’s My Health My Data Act and Nevada’s SB 370 are redefining what counts as health data—casting a wide net over common retail signals such as location, browsing behavior, loyalty IDs, and ad tags when...more
A federal judge in San Francisco just gave website operators a major win, calling the California Invasion of Privacy Act “a total mess” – but the ruling also highlights major privacy risks businesses still face nationwide....more
Pennsylvania could soon join the growing list of states to enact comprehensive data privacy laws, and businesses that operate in PA must take note. Earlier this month, the commonwealth’s House passed a bipartisan consumer...more
Officials from California, Colorado, and Connecticut just announced a coordinated investigative sweep targeting companies whose websites may be ignoring automatic opt-out preference signals that users can configure in their...more
In 2020, California was the first mover in state comprehensive privacy law legislation, a distinction it held for approximately three years before other states took similar action. Indeed, eighteen additional states have...more
In July 2025, the California Privacy Protection Agency (CPPA) Board unanimously approved new regulations pursuant to the California Consumer Privacy Act (CCPA) that specifically address the use of automated decisionmaking...more
Businesses should be aware of recent public outreach in California – and other states with consumer privacy laws – signaling that increased enforcement activity is on the horizon. For instance, the California Privacy...more
On June 20, 2025, the New York Child Data Protection Act (CDPA) took effect, ushering in some of the most comprehensive child and teen privacy protections in the United States. The law applies to operators of websites, apps,...more
Here are curated AG and federal regulatory news stories highlighting key areas in which state and federal regulators’ decisions are having an impact across the US: • Connecticut Law Aims to Weed Out Illegal Sales of...more
On June 2, Gov. Tina Kotek signed HB 2008 amending the Oregon Consumer Privacy Act (the Act) to increase protection both for personal data collected from consumers younger than 16 years of age and for all Oregonians' precise...more
When direct-to-consumer genetic testing company 23andMe Holding Co. and its affiliates (together, “23andMe”) filed for chapter 11 bankruptcy on March 24, 2025, they possessed data from over 15 million customers. Specifically,...more