A sharp contrast in the speed of obtaining appellate review is emerging between two key privacy statutes. While the U.S. Supreme Court is set to resolve a circuit split over the Video Privacy Protection Act (VPPA), litigants grappling with the California Invasion of Privacy Act (CIPA)—a statute one federal judge recently described as a “total
Chinese Enforcement Actions Reinforce Need for Global Privacy Compliance Strategy
China’s internet regulatory authority and top prosecutors have recently released a series of enforcement actions and cases, aimed at highlighting enforcement priorities in the data security realm over the last year. In 2025, enforcements under the Chinese Cybersecurity Law, the Data Security Law, the Personal Information Protection Law, and the Regulations on the Security Management
CIPA Reform in 2026: What Website Operators Need to Know
Over the last few years, businesses, nonprofits, and other website operators have seen thousands of lawsuits and arbitrations filed under the California Invasion of Privacy Act (CIPA) alleging that the use of ubiquitous cookies and pixels on websites violates CIPA’s wiretap and pen register provisions. The California legislature considered curbing that explosion of litigation with
New York Governor Vetoes NY Health Privacy Act
On December 19, 2025, New York Governor Kathy Hochul vetoed the New York Health Information Privacy Act (NY HIPA), a health data privacy bill that would have afforded consumer protections to non-HIPAA health data.
Although NY HIPA resembled existing laws, like Washington’s My Health My Data Act, it had several important differences that would have
California Governor Vetoes Employment Automated Decision Systems Bill
On October 13, 2025, California Governor Gavin Newsom vetoed S.B. 7, which would have required human oversight in certain types of employment decisions made solely by automated decision systems (“ADS”). If Gov. Newsom signed the bill, it would have required California employers using automated systems for actions such as hiring, firing, and discipling
California Issues Record $1.35M Fine Against Retailer for CCPA Violations
On September 30, 2025, the California Privacy Protection Agency (CPPA) issued a $1.35 million fine, the largest in the CPPA’s history, against Tractor Supply Company, the nation’s largest rural lifestyle retailer. The fine was issued based on allegations that the company violated its obligations under the California Consumer Privacy Act (CCPA). The CPPA coined its
Court Vacates HIPAA Reproductive Information Privacy Regulations
- The Biden administration issued regulations under HIPAA that prohibited the disclosure of protected health information relating to reproductive health for impermissible purposes, such as prosecutorial investigation.
- Reproductive health information includes information
House Committee Announces Formation of Working Group to Develop Federal Comprehensive Privacy Law
On February 12, 2025, the House Energy and Commerce Committee Chair Brett Guthrie (R-Ky) and Vice Chair John Joyce (R-Pa) announced the formation of 12-member working group tasked with developing comprehensive data privacy legislation to establish a national privacy framework governing how companies can collect, use, and share personal data.
The announcement of the working
Historic $1.4 Billion Data Privacy Settlement between Meta and Texas
The State of Texas and Meta Platforms Inc. (“Meta”) have agreed to a $1.4 billion settlement, to be paid out over five years, to resolve claims relating to Meta’s alleged use of facial recognition technology without user consent. This settlement marks the largest privacy settlement obtained by a single state and is the first one
Minnesota Legislature Sends Privacy Bill to Governor
Minnesota becomes the latest state to move to pass legislation regulating the processing and controlling of personal data (HF 4757 / SF 4782). If signed into law by Governor Tim Walz, the Minnesota Consumer Data Privacy Act, or MCDPA, would go into effect on July 31, 2025 and provide various consumer data privacy