Delaware’s Personal Data Privacy Act, signed by the State Governor

The Delaware Personal Data Privacy Act, one of the strongest data privacy bills in the US, will come into effect from 1st January 2025. Signed by the State Governor John Carney, the law is the first to raise restrictions on the sale of children’s data and provides the state residents with the rights they’ve never had before. The state’s Department of Justice would begin a public outreach period to inform businesses of their obligations and the consumers of their rights. Read more

Class action filed against Google in the Netherlands

Consumentenbond and Privacy Protection Foundation, Netherlands’ consumer advocate groups, filed a collective class action against Google. The complaint is related to the company’s data privacy practices and real-time bidding. The two groups claimed that the company carries out constant surveillance and shares personal data through online ad auctions. 82 thousand consumers have joined the suit so far, says the groups. Read more

Meta platforms must face class actions related to medical privacy

The District Court for the Northern District of California ruled a class action lawsuit against Meta, claiming that the company’s platforms violated California privacy law and US wiretap law. The suit claims that the privacy of patients treated by medical providers and hospitals using the company’s pixel tracking tool was violated, citing allegations that sensitive healthcare information was intentionally collected and shared with Meta. Read more

Elon Musk’s X ownership violates FTC consent decree

Musk’s ownership of platform X, formerly Twitter, allegedly violated several aspects of the 2011 FTC consent decree by deceptively collecting users’ data. The Justice Department made a filing related to an ongoing battle for the consent decree, publishing evidence from the FTC’s probe into the platform. The company had previously agreed to settle the allegations that it collected its users’ data deceptively. Read more

Security Risk Assessment Tool under HIPPA updated

The Office of the National Coordinator for Health Information Technology published the updated version of the SRA under the HIPAA Security Rule. The tool is intended to help covered entities identify and assess risks and vulnerabilities to the availability, confidentiality, and integrity of protected health information. The updates include further information from HICP (Health Industry Cybersecurity Practices). Read more