About
Privacy

Privacy

Tracking Privacy legal and regulatory developments.

35 entries in Litigator Tracker

LawSnap Briefing Updated May 11, 2026

State of play.

  • State enforcement is the dominant vector. The Florida AG has launched a formal investigation into OpenAI and ChatGPT citing national security concerns, and California's Privacy Protection Agency has opened rulemaking on CCPA employee data obligations — both moving through existing statutory authority without waiting for federal action .
  • Biometric and health data from consumer tech products are the sharpest compliance edge. Omnibus state privacy laws in California, Connecticut, Indiana, Kentucky, Rhode Island, Washington, and Nevada now classify facial-mapping, body-scan, and wearable health data as sensitive personal information, with state AGs actively investigating tracking practices in the fashion and beauty sectors .
  • Shadow AI inside the enterprise is a live data-breach and regulatory exposure. A 2025 Gartner survey found 69% of organizations have confirmed or suspect prohibited generative AI tool use; a third of employees admit sharing enterprise research or datasets through unsanctioned platforms .
  • Standing doctrine is tightening in federal privacy litigation. The Southern District of Florida dismissed a DPPA class action with prejudice for lack of concrete injury, signaling that data-misuse alone — without tangible financial harm — will not clear Article III in at least some circuits .
  • For counsel advising technology companies, consumer brands, or employers, the practical baseline is a multi-front exposure: state AG enforcement through existing law, an accelerating patchwork of sector-specific biometric and health-data rules, and an internal AI-governance gap that creates breach and regulatory risk before any incident occurs.

Where things stand.

  • State omnibus privacy laws are now operative across a majority of U.S. commerce. California, Connecticut, Indiana, Kentucky, Rhode Island, Washington, and Nevada have enacted consumer privacy frameworks with sensitive-data tiers covering biometrics and consumer health information; enforcement is active, not theoretical .
  • CCPA employee data coverage is hardening. The employment exemption expired January 1, 2023; the California Privacy Protection Agency is now examining whether current notice and disclosure rules require employment-specific revisions, following a 2023 AG enforcement sweep against large employers .
  • New York's synthetic-performer consent regime takes effect June 19, 2026. The Fashion Workers Act and synthetic performer disclosure laws require explicit consent before digital replication of human likenesses and mandate disclaimers for AI avatars in advertising; California has enacted parallel consent laws (AB 2602/AB 1836) .
  • Surveillance pricing is emerging as a distinct privacy-enforcement category. The FTC's Section 6(b) study on consumer-data-driven individualized pricing is active; more than 40 state bills have been introduced in 2026 targeting the practice, and the House Oversight Committee has launched a formal investigation into revenue management algorithms .
  • DPPA standing doctrine is unsettled across circuits. The S.D. Florida dismissal in Cicale v. Professional Parking Management requires tangible injury beyond data misuse; parallel DPPA cases involving Carfax's crash-report data in Maryland are surviving dismissal — courts are distinguishing data-commercialization models .
  • Shadow AI governance is an unresolved enterprise liability. A 2025 Gartner survey found 69% of organizations have confirmed or suspect prohibited generative AI tool use; 27% of employees have exposed employee data through unsanctioned tools, and 23% have input company financial information — creating HIPAA, financial-services, and state privacy exposure simultaneously .
  • Data litigation is broadening beyond tech companies. Claims centered on algorithmic bias, unauthorized data use, AI system liability, and worker surveillance now reach organizations of every size; courts are currently establishing precedents on data ownership, AI procurement obligations, and corporate accountability for algorithmic harms .
  • Federal AI regulatory framework remains contested. The White House "America's AI Action Plan" rejects broad federal regulation in favor of corporate self-management; a Sanders-AOC federal moratorium proposal represents the opposing pole; no comprehensive federal privacy or AI statute has been enacted .

Latest developments.

Active questions and open splits.

  • How far does concrete-injury standing doctrine extend in federal privacy suits? The S.D. Florida DPPA dismissal requires tangible harm beyond data misuse; the Maryland Carfax case is surviving — the split turns on data-commercialization model, but no circuit has resolved the broader question of when statutory privacy violations alone satisfy Article III .
  • Will federal preemption displace state AI and synthetic-performer consent regimes? The December 2025 White House EO seeks federal harmonization of conflicting state AI laws; New York and California have enacted consent mandates that may collide with any federal preemption framework — the interaction is unresolved before New York's June 19 effective date .
  • What constitutes an adequate CCPA employee privacy notice? The CalPrivacy Agency's rulemaking is examining whether current rules require employment-specific revisions; until final rules issue, employers face uncertainty about what notice architecture satisfies the statute .
  • Where is the line between lawful dynamic pricing and actionable surveillance pricing? Regulators are drawing a distinction between market-condition-based pricing and consumer-data-driven individualized pricing, but no court has defined the boundary; companies using revenue management algorithms face simultaneous FTC investigation and multi-state legislative exposure .
  • What governance framework satisfies the duty to prevent shadow AI data exposure? No regulator has issued guidance on what internal controls are required; HIPAA, financial-services, and state privacy regulators could each assert jurisdiction over breaches originating from unsanctioned employee AI use, and the allocation of liability between employer and tool provider is untested .
  • How will courts allocate liability for algorithmic harms across the data supply chain? Early litigation is establishing precedents on data ownership, AI procurement obligations, and corporate accountability for algorithmic bias and worker surveillance — the rules are being written in real time, with no settled framework .

What to watch.

  • CalPrivacy Agency final rules on CCPA employee data notices — whatever issues from this rulemaking will become the compliance floor for all California employers and a template other states will reference.
  • New York Fashion Workers Act and synthetic performer disclosure law enforcement posture after the June 19, 2026 effective date — first enforcement actions will define what "explicit consent" and "clear disclaimer" require in practice.
  • EU AI Act labeling requirements effective August 2026 — the penalty structure (up to €15 million) will drive multinational compliance decisions that affect U.S. operations.
  • FTC Section 6(b) surveillance pricing study output and any resulting rulemaking — the agency's framing of the dynamic-pricing versus consumer-data-pricing distinction will set the enforcement standard nationally.
  • Whether additional state AGs follow Florida's template of investigating AI companies through existing consumer protection and national security authority — the Florida OpenAI probe is the leading indicator of a broader enforcement pattern.
  • Resolution of the DPPA circuit split on concrete injury — if the Maryland Carfax case produces a ruling inconsistent with the S.D. Florida dismissal, a circuit conflict on statutory privacy standing becomes a cert-worthy question.

35 Contributing Entries

UN releases 2026 International AI Safety Report warning of enormous benefits and existential risks

The United Nations released the International AI Safety Report 2026, a comprehensive assessment concluding that advanced artificial intelligence presents both transformative opportunities and escalating dangers. The report, led by the UN agency for digital technology, finds that AI can accelerate development in health, education, and financial services in developing nations while simultaneously enabling cyberattacks, deepfake fraud, non-consensual intimate imagery, and biological weapon design. The core finding: AI capabilities in critical fields like biological research are advancing faster than governance frameworks, creating a dangerous gap between what is technologically possible and what remains safe.

Anthropic and Pentagon Clash Over AI Guardrails, Leading to Contract Termination

The Department of War terminated its $200 million partnership with AI firm Anthropic on February 27, 2026, after the company refused to remove safety restrictions on its Claude model for military use. Defense Secretary Pete Hegseth had issued a three-day ultimatum on February 24 demanding Anthropic disable all guardrails. When CEO Dario Amodei declined, Hegseth designated Anthropic a "supply chain risk," and President Trump issued a presidential order barring all federal agencies from using Anthropic's systems. The dispute centered on two non-negotiable demands from Anthropic: no fully autonomous lethal weapons and no mass surveillance of Americans.

Meta Loses Bid to Dismiss Lawsuit Over Children's Social Media Addiction

California Attorney General Rob Bonta won a significant procedural victory when U.S. District Judge Yvonne Gonzalez Rogers denied Meta Platforms' motion for summary judgment, clearing the way for a multi-state lawsuit alleging the company deliberately designed Facebook and Instagram to addict children. The judge found material factual disputes exist about whether Meta's platforms are addictive and whether the company misled the public about these risks. Critically, Rogers granted summary judgment to the states on one count: Meta failed to obtain sufficient parental consent under the Children's Online Privacy Protection Act (COPPA).

Borrowers Using Generative AI to File Sophisticated Pro Se Litigation Against Lenders

Borrowers and small corporate entities are increasingly using generative AI tools to draft loan-challenge pleadings, motions, and legal arguments without counsel. These AI-assisted pro se filings appear more polished than traditional unrepresented submissions but frequently contain serious defects: citations to nonexistent cases, misstatements of controlling law, and violations of local court rules. The trend is creating measurable friction in commercial lending enforcement, raising costs and delaying resolution for banks and lenders navigating these submissions.

UN independent panel warns unchecked AI progress poses catastrophic risks

On July 1, 2026, the UN's Independent International Scientific Panel on Artificial Intelligence released a preliminary report warning that unregulated AI development is outpacing both scientific understanding and government policy, with no guarantee against catastrophic harm. Led by UN Secretary-General António Guterres and computer scientist Yoshua Bengio, the panel identified specific risks: loss of control over autonomous systems, deceptive AI behaviors, and exploitation for fraud, cyberattacks, and biological threats. The report notes that AI already demonstrates expert-level reasoning in mathematics and science, with task complexity doubling every four to seven months, while current models trained on only a fraction of the world's 7,000 languages produce dangerous errors in health diagnoses for many populations.

India investigates Tata Electronics cyber breach exposing Apple iPhone 18 Pro secrets

Ransomware group World Leaks claimed responsibility for breaching Tata Electronics, a major Apple supplier, and publishing over 200,000 files totaling 630.4 gigabytes on the dark web. The stolen data allegedly includes confidential design documents, component maps, supplier lists, and photographs of unreleased iPhone 18 Pro prototypes undergoing drop tests. Tata Electronics confirmed the cybersecurity incident but stated operations remain unaffected and that response protocols were deployed immediately. The Indian government has launched an official investigation.

ChatGPT and Claude Account Sharing Leads to Privacy Breaches, Data Mix-ups, and Cybersecurity Risks

Users are sharing login credentials for premium AI services—ChatGPT Plus and Claude Pro—exposing themselves to serious privacy breaches. Connor Effrain, a 22-year-old digital fundraising associate, shared his ChatGPT account and inadvertently gave others access to sensitive health information about his Crohn's disease and personal details he had discussed with the chatbot. Both OpenAI and Anthropic explicitly prohibit account sharing in their terms of service, classifying these subscriptions as single-user only. The platforms detect concurrent sessions and suspend accounts that violate this rule.

CES 2026 Highlights Critical Safety Gaps as Humanoid Robots Shift to Real-World Use

At the 2026 Consumer Electronics Show, industry leaders and safety experts confronted an urgent problem: humanoid robots entering hospitals, homes, and factories are injuring people. Recent incidents involving Boston Dynamics' Atlas, Figure AI's Figure 3, 1X's Neo, and other platforms have exposed critical gaps in safety design. The machines' hard bodies, pinch points, and unpredictable movements in unstructured environments pose immediate physical risks that current protocols fail to address. The core issue is functional insufficiency—robots cannot reliably perceive and plan their actions in real-world conditions outside controlled labs.

Washington State AI Task Force Releases Final Report on AI Regulation

On July 1, 2026, Washington's Artificial Intelligence Task Force released its final report, concluding a two-year mandate to evaluate AI deployment across the state and recommend policies balancing innovation with civil rights, consumer, and worker protections. The 19-member task force, coordinated by Attorney General Nick Brown's office under legislation SB 5838, delivered eight key recommendations to the legislature: mandating transparency in AI training data, adopting NIST Ethical AI Principles, and establishing a grant program for public-interest AI startups. The task force identified a critical federal regulatory gap, arguing that state-level action is essential to protect Washington residents from unregulated AI deployment.

Lawyers Moonlight to Train AI While Scammers Impersonate Immigration Attorneys

The legal profession faces a convergence of ethics crises driven by artificial intelligence and fraud. Attorneys are increasingly taking side work training AI models, while scammers deploy AI-generated deepfakes and cloned identities to impersonate immigration lawyers and steal from vulnerable clients. The problem intensified with the exposure of Washington State attorney Alexandra Lozano, who fabricated thousands of domestic abuse and trafficking narratives to secure humanitarian visas without client consent. Her scheme, which enlisted hundreds of employees across Colombia, Mexico, and Argentina to process fraudulent applications, affected tens of thousands of immigrants and drained client bank accounts while exposing victims to deportation risk.

FTC Seeks Public Comment on Policy Statement Addressing AI Accuracy and Ideological Subversion

The Federal Trade Commission announced on July 1, 2026, that it is seeking public comment on a proposed policy statement addressing what it calls "suppression of accuracy in artificial intelligence systems." The FTC voted 2-0 to open a comment period running through July 31, 2026. The core warning: AI companies that distort their systems' outputs to achieve undisclosed ideological objectives may be engaging in deceptive practices under Section 5 of the FTC Act. No specific companies are named, but the policy targets AI developers broadly that manipulate models contrary to reasonable consumer expectations.

Blank Rome Sued Over May 2026 Data Breach Exposing 57K Clients' Data

Blank Rome LLP, a Philadelphia-based national law firm, faces a proposed class action lawsuit alleging it failed to protect sensitive client data after a May 2026 social-engineering attack compromised information on over 57,000 individuals. An unauthorized third party impersonated IT staff and tricked a Blank Rome attorney into uploading confidential files to an external Google Drive account, exposing names, Social Security numbers, and potentially financial and medical records. The lawsuit names Blank Rome as defendant and alleges violations of common law, industry standards, the Federal Trade Commission Act, and HIPAA due to inadequate cybersecurity safeguards and delayed notification.

Connecticut's Major Data Privacy Act Amendments Take Effect July 1, 2026

Connecticut's comprehensive data privacy overhaul took effect on July 1, 2026, substantially tightening compliance obligations across the state. Senate Bill 1295, signed by Governor Ned Lamont on June 24, 2025, amended the Connecticut Data Privacy Act with rules that lower the consumer threshold to 35,000 residents—or even a single resident's sensitive data—and expand regulated categories to include precise geolocation, genetic information, and algorithmic profiling. The Connecticut Department of Consumer Protection will enforce new data broker registration requirements and administer a state-run deletion mechanism. The law now restricts the sale of minors' data for targeted advertising and imposes new disclosure requirements for companies using consumer information to train large language models.

Travel App Hopper Pays $35M to Settle FTC Allegations Over Hidden Fees

Hopper, the AI-powered travel app, has agreed to pay $35 million to settle Federal Trade Commission allegations that it used deceptive interface design to charge hidden fees without user consent. The FTC accused Hopper of misleading travelers about total costs by pre-selecting and burying charges for "Tip" and "VIP Support" within the app. Under the settlement announced July 2, 2026, Hopper must clearly disclose all fees upfront and is prohibited from misrepresenting pricing structures. The settlement funds are designated for consumer redress.

Utah Enacts SB 319 Adding to Wave of State Laws Limiting AI in Health Insurance Denials

Utah enacted Senate Bill 319 on March 19, 2026, effective January 1, 2027, requiring human medical judgment for all adverse insurance preauthorization decisions. The law prohibits insurers from relying solely on AI recommendations when denying coverage and mandates that a licensed reviewer evaluate the provider's request, the patient's medical history, and individual clinical circumstances before any denial. Utah joins Washington, Nebraska, Texas, Colorado, and California in implementing AI guardrails for coverage determinations.

Anthropic Calls for Global AI Freeze Amid Control Concerns

Anthropic, the AI startup behind Claude, has publicly called for a global freeze on advanced AI development, conditional on other companies agreeing to the same restraint. The proposal stems from mounting concerns about AI agent behavior and data security, particularly after recent incidents in which rogue AI agents deleted entire production databases in seconds. Anthropic's position aligns with the Future of Life Institute's open letter urging all AI labs to pause training of systems more powerful than GPT-4 for at least six months, with a suggestion that governments should intervene if private coordination fails.

Jury consultant weighs juror perception in AI chatbot harm lawsuits

Character Technologies and its Character.AI chatbot platform face the first state lawsuit alleging the company violated consumer and data-protection laws by targeting children and facilitating self-harm. Kentucky Attorney General Russell Coleman filed the complaint on January 8, 2026. Separate litigation from Texas parents makes similar allegations—that the chatbot promoted self-harm, violence, and sexual content—and seeks to shut down the platform until safety defects are remedied.

First Circuit Affirms Dismissal of Bayamón Medical Data Breach Case for Untraceable Injury

The First Circuit Court of Appeals has affirmed dismissal of a data breach class action against Bayamón Medical Center, ruling that the plaintiff failed to establish Article III standing. In Santos-Pagán v. Bayamón Medical Center, the court acknowledged that plaintiff Santos-Pagán suffered concrete injury from actual misuse of her information following BMC's 2019 ransomware attack. However, the court held she did not plausibly allege that her injuries were traceable to the breach itself—a fatal gap under Article III's "fairly traceable" requirement. The decision turns on a straightforward principle: allegations of identity-related harm occurring after a data breach do not establish standing without specific factual allegations connecting the breach to the misuse.

Frank Carone's Attorney Argues "Glaring Holes" in Grand Jury Bribery Indictment

Frank Carone, former chief of staff to New York City Mayor Eric Adams, faces a 13-count federal indictment alleging he accepted $120,000 in bribes to secure a $6.8 million migrant shelter contract for a Queens hotel owner. Prosecutors in the Eastern District of New York charge that Carone used his position in 2022 to override Department of Social Services rejections and steer the contract to the Microtel Inn in Long Island City, with monthly payments of $10,000 funneled through his brother Anthony and disguised as legal fees. The indictment also names hotel owner Yan Po Zhu and his business manager Crystal Chen. Carone was arrested on June 24, 2026.

OpenAI Restricts GPT-5.6 Access Following Trump Administration Security Demand

OpenAI has restricted public access to GPT-5.6, its newest AI model, limiting deployment to 20 government-approved partners following security concerns raised by the Trump administration. The company confirmed the limitation aligns with federal reviews evaluating cybersecurity risks tied to the model's advanced capabilities. OpenAI stated explicitly that while it will comply with current security protocols, mandatory pre-release White House approvals should not become standard regulatory practice for AI developers.

California Amends SB 690 to Eliminate Commercial Business Exemption for CIPA

California has stripped a key business protection from Senate Bill 690, eliminating a "commercial business purpose" exemption that would have shielded companies from California Invasion of Privacy Act (CIPA) liability for standard tracking technologies. The California Senate unanimously passed the original bill on June 3, 2025, with the exemption intact, but the provision was removed before or during the amendment process. The bill now stalls in the Assembly as lawmakers reconsider the measure without this safeguard.

NJ Federal Court Rules Atlas Data’s Daniel’s Law Notices Not Spam Attack

A New Jersey federal court has upheld Daniel's Law against constitutional challenge, ruling that the state's judicial privacy statute does not violate the First Amendment and that takedown notices filed by Atlas Data Privacy Corp. do not constitute abuse of process. The court rejected database providers' arguments that the law impermissibly restricts speech and clarified that liability requires proof of both knowing disclosure after the statutory deadline and negligent disregard of statutory duties.

UN Chief Guterres Warns AI Outpacing Oversight, Urges Global Child Safety Pledge

On Monday in Geneva, UN Secretary-General António Guterres issued an urgent call for global artificial intelligence governance, warning that AI development is outpacing regulatory oversight. He proposed an "AI Child Safety Pledge" requiring companies to demonstrate that systems accessible to children are safe and maintain zero tolerance for sexual abuse material. Guterres criticized the technology industry for allowing AI to shape the future without adequate safeguards, calling for common methods to evaluate and verify risks across platforms.

President Trump Signs Two Executive Orders on Quantum Computing and Post-Quantum Cryptography

On June 22, 2026, President Trump signed two executive orders that accelerate the federal government's shift to quantum-resistant encryption and launch a national quantum computing initiative. Executive Order 14412, "Securing the Nation Against Advanced Cryptographic Attacks," moves the deadline for federal agencies to migrate to post-quantum cryptography to December 31, 2030—five years earlier than the previous 2035 target. The order also requires migration of digital signature systems by December 31, 2031. Executive Order 14413, "Ushering in the Next Frontier of Quantum Innovation," directs the government to develop a cryptographically relevant quantum computer for scientific research by 2028 and expand domestic quantum workforce and supply chain capabilities.

DOJ export indictment triggers new probe of Super Micro’s controls

The Department of Justice unsealed an indictment in March 2026 charging three individuals tied to Super Micro Computer—two former employees and one contractor—with conspiring to violate U.S. export controls. The defendants allegedly diverted approximately $2.5 billion worth of servers containing advanced AI technology, including Nvidia chips, to China between 2024 and 2025. The indictment names co-founder and former senior vice president Yih‑Shyan "Wally" Liaw and a general manager from Super Micro's Taiwan office, who prosecutors say coordinated shipments through a third-party intermediary to circumvent export restrictions. Super Micro itself is not charged and has stated it was not accused of wrongdoing.

CA Attorney General Bonta Issues Immigration Enforcement Guidance for State Agencies

On July 1, 2026, California Attorney General Rob Bonta released comprehensive guidance and model policies directing state and local agencies on their interactions with federal immigration enforcement. The directive implements Senate Bill 580 and establishes clear protocols: agencies must deny immigration agents access to personal and sensitive data unless presented with a valid judicial warrant, subpoena, or court order. Bonta stated explicitly that while the Trump Administration may enforce federal immigration law, it cannot compel state or local participation in those enforcement activities.

Apple warns Mac users of new "copy-paste" scam stealing account control

Apple users are falling victim to a sophisticated phishing scheme in which scammers impersonate Apple support through phone calls, emails, and text messages, directing targets to click malicious links or paste compromised verification codes. Once users comply, the attackers gain full control of their Apple accounts, including access to stored personal information, payment details, and device management capabilities. The scam exploits social engineering rather than technical vulnerabilities, using urgent language like "Breach," "Alert," and "Compromised" to manufacture panic and bypass user skepticism.

CA AG Bonta Co-Led 21 AGs Letter Opposing HUD Rollback of LGBTQ+ Housing Rules

On June 30, 2026, California Attorney General Rob Bonta and 21 other state attorneys general filed a formal comment opposing a Department of Housing and Urban Development proposal to strip sexual orientation and gender identity protections from federal housing rules. The proposal would rescind HUD's 2012 and 2016 equal access rules and require placement decisions in shelters and facilities with shared sleeping or bathing areas to be based solely on biological sex. The coalition argues the rollback violates the Fair Housing Act, undermines state sovereignty, and contradicts established federal protections for LGBTQ+ Americans.

Anthropic's Mythos AI Cracks NSA Classified Systems, Prompting US-Ordered Global Shutdown

On June 11, General Joshua Rudd, head of the NSA and US Cyber Command, told the Senate Intelligence Committee that Anthropic's Mythos AI had breached nearly all classified US government systems within hours during a sanctioned cybersecurity evaluation. The following day, the Trump administration ordered Anthropic to restrict access to its Fable 5 and Mythos 5 models to US citizens only. Unable to verify nationality at scale, Anthropic shut down both models globally within 90 minutes, severing access for allied governments, researchers, and foreign-national employees.

Minnesota AG Sues Earned Wage Access Provider Over Alleged Payday Lending Violations

On June 10, 2026, Minnesota's Attorney General sued an app-based earned wage access provider, alleging its "Instant Cash" product operated as an unlicensed lender in violation of the Minnesota Consumer Small Loan Act and Consumer Short-Term Loan Act. The complaint charges that the company issued tens of thousands of advances to Minnesota consumers with annual percentage rates regularly exceeding 300%—some surpassing 700%—far above the state's 50% APR cap. The AG further alleges the provider failed to disclose these rates, circumvented payday lending laws by marketing advances as "non-recourse" and "voluntary," and denied users the ability to cancel or extend loans within the app.

New Study Exposes Dangerous Flaws in AI Chatbots for Mental Health

A University of Minnesota study has documented that over 100 AI chatbots marketed as mental health support tools contain dangerous flaws in crisis response and therapeutic quality. Researchers from the computer science and psychology departments, led by assistant professor Stevie Chancellor, tested systems from OpenAI, Meta, and Character AI. The findings show these chatbots frequently provide harmful responses to suicide inquiries, discriminate against people with mental health conditions, and fail to recognize crises. In controlled testing, licensed therapists responded appropriately 93% of the time compared to AI systems responding appropriately less than 60% of the time.

FTC Settles with Amazon for $2.25M Over FCRA Violations by Denying Identity Theft Records

Amazon has agreed to pay $2.25 million in civil penalties to settle Federal Trade Commission allegations that it systematically violated the Fair Credit Reporting Act by refusing to provide transaction records to identity theft victims. The FTC, acting through a Department of Justice complaint, charged that Amazon routinely denied these requests by citing false security and privacy concerns or claiming inability to access records. Under the settlement's proposed order, Amazon is permanently prohibited from failing to comply with FCRA Section 609(e), which requires companies to furnish fraudulent transaction records within 30 days of a consumer request.

CA AG Bonta Announces First-of-Its-Kind Settlement with Carbon Health and Co-Founder

California Attorney General Rob Bonta announced a settlement with Carbon Health Technologies, Inc., its affiliated medical groups, and co-founder Eren Bali requiring the company to restructure its ownership to comply with California's ban on the corporate practice of medicine. The settlement resolves allegations that Carbon Health used a non-medical corporate entity to own and control its medical practice operations in violation of state law. Carbon Health also faced claims of false advertising, unlawful consumer contracts, and improper billing practices. The company will pay $4.4 million in penalties; Bali will pay $100,000. Carbon Health denies wrongdoing but agreed to the settlement.

Apple's 2021 MPP Update Makes Email Open Tracking Unreliable for Marketers

Apple's Mail Privacy Protection, rolled out with iOS 15 in September 2021, has rendered open-rate metrics unreliable across the email marketing industry. The feature automatically routes emails through Apple-managed proxy servers to pre-load content and tracking pixels, causing messages to register as opened even when recipients never view them. Open rates have inflated by 15–20% or more depending on the proportion of Apple Mail users in a subscriber base, forcing marketers to shift toward click-through data and other engagement signals.

mail Subscribe to Privacy email updates

Primary sources. No fluff. Straight to your inbox.

Also on LawSnap