Data minimization is an evolving regulatory landscape that is garnering increased awareness lately as trust and transparency become more of a focus for organizations and data breaches highlight the impact of having extra data, said panelists during a webinar hosted by compliance vendor TrustArc on Thursday.
Maryland’s attorney general could make privacy rules despite lacking direct rulemaking authority from the Maryland Online Data Privacy Act (MODPA), WilmerHale’s Samuel Kane said Thursday during a webinar by Privado, a compliance vendor. That could tighten requirements under the state's comprehensive privacy law taking effect next month, the privacy attorney said. Meanwhile, MODPA is set to break ground for state privacy laws due to its unique data minimization provision, but companies can prepare now by more closely documenting how they use data, Kane said.
The EU General Court threw out a challenge to the EU-U.S. Data Privacy Framework (DPF) on Wednesday, confirming that the U.S. adequately protects Europeans' personal data and that trans-Atlantic data flows can continue.
Congress should amend the Gramm-Leach-Bliley Act and preempt all state privacy laws from regulating financial services, the Mortgage Bankers Association (MBA) said in comments to the House Financial Services Committee.
The federal jury decision earlier this month that Meta violated the California Invasion of Privacy Act (CIPA) illustrates how tracking technologies can pose serious risks if not responsibly deployed, said Ice Miller lawyers in a Monday blog post. The jury in Frasco v. Flo Health, Inc. found the social media platform intentionally eavesdropped on users of the health app Flo Health without consent and received sensitive data on users' menstrual cycles and reproductive health (see 2508040041).
So far in 2025, state lawmakers and regulators have focused on data related to health, children, geolocation and biometrics, said Sidley privacy attorneys Colleen Theresa Brown, Sheri Porath Rockwell and Sasha Hondagneu-Messner in a blog post Thursday.
Minnesota's comprehensive privacy law that took effect Thursday uniquely requires companies to allow consumers to question their automated decisions. The law also includes uncommon requirements about material changes to privacy polices and giving lists of third parties to consumers. While companies will also for the first time face requirements such as having to conduct data inventories and appoint chief privacy officers, many of the law's stipulations are already best practices, privacy lawyers told us.
Sens. Marsha Blackburn, R-Tenn., and Amy Klobuchar, D-Minn., on Wednesday restarted the Senate's privacy legislation conversation with a hearing exploring what “core principles” and state protections could be incorporated into a federal bill.
The U.S. Supreme Court decision that upheld Texas' law requiring age verification to access adult websites (see 2506270041) will have a ripple effect, prompting the creation of similar laws in states along with constitutional questions about how and where age verification can happen, said privacy experts in recent blog posts. Similarly, advocacy groups that disagreed with the high court's decision argued it may embolden other states to expand the definition of off-limits material, further challenging the First Amendment and ultimately letting politicians make content decisions (see 2507070037).
Colorado shouldn’t use upcoming kids’ privacy regulations as a “back door” to require age verification, retailers warned the state’s law department last week. In addition to warning against requiring verification through possible rules about a company’s “willful disregard” of a user being a minor, industry groups cautioned that any regulation of system design features mustn’t violate the First Amendment.