On November 21, 2025, California Attorney General (AG) Rob Bonta announced a $1.4 million settlement with Jam City, Inc. (company), a mobile game app company, for alleged failures to enable in-app opt-outs from the sale and sharing of personal information across many of the company’s mobile apps as required by the California Consumer Privacy Act […]
Behavioral Tracking
Multistate Privacy Investigative Sweep Targeting Website Global Privacy Control (GPC) Noncompliance
On September 9, 2025, the California Privacy Protection Agency (CPPA) announced a joint investigation sweep targeting businesses that may be failing to honor consumers’ opt-out requests submitted via Global Privacy Control (GPC) signals, in coordination with the Attorneys General of California, Colorado, and Connecticut. The CPPA’s announcement underscores a growing trend of multi-jurisdictional collaboration among […]
CPPA Issues Revised Draft CCPA Regulations; Votes to Initiate Public Comment Period
On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology (“ADMT”), insurance, and updates to the existing CCPA regulations. The revisions were informed by comments received by the CPPA during the formal public […]
Arkansas Enacts Children and Teens’ Online Privacy Protection Act
On April 21, 2025, Arkansas Governor Sarah Huckabee Sanders signed into law the Arkansas Children and Teens’ Online Privacy Protection Act (Act), which will become effective on July 1, 2026. It draws inspiration from the federal Children and Teens’ Online Privacy Protection Act (COPPA 2.0) and provides stronger privacy protections for Arkansas residents under thirteen […]
Key Takeaways from CPPA’s Recent Settlement with an Automotive Manufacturer for Alleged CCPA Violations
On March 12, 2025, the California Privacy Protection Agency (CPPA) published its decision approving a Stipulated Final Order (Order) against a major automotive manufacturer (company) for violations of the California Consumer Privacy Act (CCPA). The Order requires the company to pay a $632,500 fine and implement several changes to its data handling practices. These changes […]