On November 21, 2025, California Attorney General (AG) Rob Bonta announced a $1.4 million settlement with Jam City, Inc. (company), a mobile game app company, for alleged failures to enable in-app opt-outs from the sale and sharing of personal information across many of the company’s mobile apps as required by the California Consumer Privacy Act […]
Tracking
Multistate Privacy Investigative Sweep Targeting Website Global Privacy Control (GPC) Noncompliance
On September 9, 2025, the California Privacy Protection Agency (CPPA) announced a joint investigation sweep targeting businesses that may be failing to honor consumers’ opt-out requests submitted via Global Privacy Control (GPC) signals, in coordination with the Attorneys General of California, Colorado, and Connecticut. The CPPA’s announcement underscores a growing trend of multi-jurisdictional collaboration among […]
CPPA Issues Revised Draft CCPA Regulations; Votes to Initiate Public Comment Period
On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology (“ADMT”), insurance, and updates to the existing CCPA regulations. The revisions were informed by comments received by the CPPA during the formal public […]
California Attorney General Targets Location Data in New Investigative Sweep
This week California Attorney General Rob Bonta announced a new investigative sweep under the California Consumer Privacy Act (CCPA). We have anticipated this sweep for some time based on the focus and the direction of a number of inquiries, investigations, and enforcement proceedings initiated by Attorney General Bonta’s office over the past 12-24 months. The […]
Colorado AG Recognizes Global Privacy Control as the First Valid Universal Opt-Out Mechanism
On December 29, 2023, the Colorado Attorney General (the “AG”) announced that the Global Privacy Control (“GPC”) will become the first universal opt-out mechanism (“UOOM”) the AG considers valid under the Colorado Privacy Act (the “CPA”). Effective July 1, 2024, controllers subject to the CPA will need to treat Colorado consumers’ privacy preferences submitted through […]