A recent decision from the Northern District of California reminds corporate defendants in Internet tracking cases that strategies to defeat class certification based on individualized issues can be just as critical as merit-based defenses.
In In re Meta Pixel Tax Filing Cases, No. 22-cv-07557-PCP (N.D. Cal. Mar. 30, 2026), a group of plaintiffs sought
On March 20, 2026, Oklahoma’s governor signed S.B. 546 making Oklahoma the latest state to enact a comprehensive state privacy law. The law, effective January 1, 2027, applies to organizations doing business in Oklahoma or targeting residents in Oklahoma that either (i) process 100,000 Oklahoma consumers’ personal data or (ii) process 25,000 Oklahoma consumers’ personal
Following the release of the Trump Administration’s new National Cyber Strategy, National Cyber Director Sean Cairncross noted in a virtual interview that the administration is considering changes to the existing cyber incident reporting rules previously promulgated by the Cybersecurity and Infrastructure Security Agency (CISA). According to Cairncross, the administration wants to ensure the rules
A sharp contrast in the speed of obtaining appellate review is emerging between two key privacy statutes. While the U.S. Supreme Court is set to resolve a circuit split over the Video Privacy Protection Act (VPPA), litigants grappling with the California Invasion of Privacy Act (CIPA)—a statute one federal judge recently described as a “total
Navigating the 2026 CCPA Updates
As forecasted, effective January 1, 2026, businesses that are subject to the California Consumer Privacy Act (CCPA) must comply with newly-updated regulations. For some businesses, complying with these updates will require the implementation of or updates to policies and procedures related to, among other things, risk assessments, cybersecurity
Over the last few years, businesses, nonprofits, and other website operators have seen thousands of lawsuits and arbitrations filed under the California Invasion of Privacy Act (CIPA) alleging that the use of ubiquitous cookies and pixels on websites violates CIPA’s wiretap and pen register provisions. The California legislature considered curbing that explosion of litigation with
On June 11, 2025, Connecticut passed Senate Bill 01295 (SB 01295). If signed by the governor, SB 01295 will amend the existing Connecticut Data Privacy Act (CTDPA) in several important ways, with the amendments going into effect on July 1, 2026.
Expanded Scope: In what is seen as a general trend, SB 01295
On February 12, 2025, the House Energy and Commerce Committee Chair Brett Guthrie (R-Ky) and Vice Chair John Joyce (R-Pa) announced the formation of 12-member working group tasked with developing comprehensive data privacy legislation to establish a national privacy framework governing how companies can collect, use, and share personal data.
The announcement of the working
On October 22, 2024, the Consumer Financial Protection Bureau (“CFPB”) issued its final rule implementing Section 1033 of the Dodd-Frank Act (the “Final Rule” or the “Open Banking Rule”), granting consumers greater access rights to the data their financial institutions hold. Although there are some differences, the Final Rule largely tracks the Proposed Rule announced
In a recent decision from the Southern District of Florida, U.S. District Judge Robert N. Scola, Jr. denied class certification of a proposed class of paid Univision NOW subscribers who assert that Univision NOW’s use of the Meta Pixel violates the Video Privacy Protection Act (VPPA). The three proposed class representatives allege D2C, LLC, doing