On November 21, 2025, California Attorney General Rob Bonta announced a $1.4 million settlement with Jam City, Inc. (“Jam City”), a mobile app gaming company, for alleged violations of the California Consumer Privacy Act (“CCPA”) and Unfair Competition Law (“UCL”). The Jam City settlement marks Attorney General Bonta’s sixth settlement obtained under the CCPA and reflects a continued focus on how businesses present opt-out rights mechanisms to California consumers, including minors.Continue Reading California AG Announces $1.4 Million Settlement with Mobile App Gaming Developer Over CCPA Violations
Indiana Attorney General Releases Data Consumer Bill of Rights
In advance of the Indiana Consumer Data Protection Act’s (“Act”) effective date on January 1, 2026, the Indiana Attorney General released a Data Consumer Bill of Rights (“Bill of Rights”) that summarizes the rights created in the Act.Continue Reading Indiana Attorney General Releases Data Consumer Bill of Rights
End-of-Year 2025 State and Federal Developments in Minors’ Privacy
Since our mid-year recap on minors’ privacy legislation, several significant developments have emerged in the latter half of 2025. We recap the notable developments below.Continue Reading End-of-Year 2025 State and Federal Developments in Minors’ Privacy
California Attorney General Announces $530,000 CCPA Settlement with Sling TV
On October 30, 2025, California Attorney General Bonta announced a $530,000 settlement related to allegations that Sling TV, an internet-based live TV service, violated the California Consumer Privacy Act (“CCPA”) and the California Unfair Competition Law. This is the first enforcement action arising from the California Department of Justice’s (“DOJ”) investigative sweep of streaming services and connected TVs, which was announced in January 2024.Continue Reading California Attorney General Announces $530,000 CCPA Settlement with Sling TV
Global Privacy Regulators Launch Enforcement Sweep Focused on Children’s Data Protection
Last week, the Global Privacy Enforcement Network (“GPEN”)—a global network of over 30 national data protection authorities—announced the launch of its annual privacy sweep. The purpose of the sweep is to examine how websites and mobile applications commonly used by children handle minors’ personal information. Members of GPEN include regulators who have long prioritized protections for children and teens, such as the Federal Trade Commission (“FTC”), the California Attorney General, the California Privacy Protection Agency, the UK Information Commissioner’s Office, the French Commission Nationale de l’Informatique et des Libertés (“CNIL”), and the Irish Data Protection Commission.Continue Reading Global Privacy Regulators Launch Enforcement Sweep Focused on Children’s Data Protection
California Finalizes Updates to Existing CCPA Regulations
On September 23, 2025, the California Privacy Protection Agency announced that the state’s Office of Administrative Law approved regulations that update existing California Consumer Privacy Act (“CCPA”) regulations and introduce new regulations covering cybersecurity audits, risk assessments, and automated decision-making technology. The updates to the existing regulations—which take effect on January 1, 2026—expand business obligations under the CCPA and give consumers more control over their personal information. This blog post highlights key updates to the existing regulations. Continue Reading California Finalizes Updates to Existing CCPA Regulations
California Enacts New Privacy Laws
Recently, California Governor Gavin Newsom signed into law several privacy and related proposals, including new laws governing browser opt-out preference signals, social media account deletion, data brokers, reproductive and health services, age signals for app stores, social media “black box warning” labels for minors, and companion chatbots. This blog summarizes
Continue Reading California Enacts New Privacy LawsCalifornia Privacy Agency Fines Tractor Supply $1.35 Million Over CCPA Violations
On September 30, 2025, the California Privacy Protection Agency (“Agency”) announced a decision and $1.35 million fine to resolve allegations that Tractor Supply Co. (“Tractor Supply”) violated the California Consumer Privacy Act (“CCPA”). The settlement comes after the Agency filed a petition to enforce an investigative subpoena against Tractor Supply. In addition to imposing the Agency’s largest fine to date, the settlement also marks the Agency’s first enforcement action related to job applicant personal data. Similar to the enforcement actions against American Honda Motor Co., Inc. and Todd Snyder, Inc., the Agency continues to focus on how businesses facilitate consumer rights under the CCPA.Continue Reading California Privacy Agency Fines Tractor Supply $1.35 Million Over CCPA Violations
Navigating California’s New and Emerging AI Employment Regulations
The California Civil Rights Council and the California Privacy Protection Agency have recently passed regulations that impose requirements on employers who use “automated-decision systems” or “automated decisionmaking technology,” respectively, in employment decisions or certain HR processes. On the legislative side, the California Legislature passed SB 7, which would impose
Continue Reading Navigating California’s New and Emerging AI Employment RegulationsOregon DOJ Publishes Enforcement Report on the Oregon Consumer Privacy Act
On August 29, the Oregon Department of Justice (DOJ) issued an enforcement report and press release covering its first year of enforcement of the Oregon Consumer Privacy Act (OCPA). The OCPA took effect on July 1, 2024, and the cure period sunsets on January 1, 2026. We previously summarized some of requirements in the OCPA here. This blog summarizes notable takeaways from the enforcement report.Continue Reading Oregon DOJ Publishes Enforcement Report on the Oregon Consumer Privacy Act