Hello all, and happy Thursday!
Last week, you may have noticed a story in our newsletter about CIPA-style class action lawsuits coming to Arizona. The California Invasion of Privacy Act (CIPA) is a 60s-era law meant to protect citizens from wiretapping—in recent times, it’s become popular amongst the plaintiff’s bar to bring lawsuits against organizations on the grounds that modern internet marketing technologies count as CIPA violations.
Apparently taking inspiration from California law firms, Arizonan lawyers have been bringing class action lawsuits against organizations on the grounds that these tracking technologies constitute a violation under the Telephone, Utility, and Communication Service Records Act.
This week, yet another apparently unrelated, decades-old law is being used to sue businesses over modern privacy violations. The Song-Beverly Credit Card Act, originally meant to limit the collection of personal information during in-person transactions, is being used as grounds to sue retailers over excessive data collection.
But this shouldn’t come as a surprise; so long as there’s a chance at a legal victory, enterprising law firms will repurpose these old laws to go after organizations that are easy targets. Your best bet is to not be an easy target by adhering to robust data minimization and retention practices.
Best,
Arlo
50+ free data privacy resources, including templates, trackers, and more!
Today at 1 PM EST! | Save Your Seat
Thursday, September 12th | Save Your Seat
Recently, an expert committee appointed under the Thai Personal Data Protection Act (PDPA) of 2019 issued an administrative fine to a major private company involved in online sales. The company allowed a significant amount of personal data to leak to call center gangs without implementing adequate security measures as required by the PDPA. The committee imposed the maximum administrative fine of 7 million baht (approximately $205,520).
Attorney General John M. Formella announces the creation of a new Data Privacy Unit that will be primarily responsible for enforcing the New Hampshire Data Privacy Act. “Ensuring accountability, transparency, and consumer choice regarding how companies handle and monetize the personal data of their customers is a priority of my office,” said Attorney General Formella in a press release.
The Dutch Data Protection Authority (DPA) imposes a fine of 290 million euros on Uber. The Dutch DPA found that Uber transferred the personal data of European taxi drivers to the United States and failed to appropriately safeguard the data with regard to these transfers. According to the Dutch DPA, this constitutes a serious violation of the GDPR. In the meantime, Uber has ended the violation.
A decades-old law protecting personal information during California credit card transactions is fueling a new wave of privacy litigation that could challenge how online retailers do business. The Song-Beverly Credit Card Act, passed in California in 1971, limits retailers’ collection of personal information during in-person transactions unless it's necessary to process the credit card transaction. Much like the wave of pixel-tracking cases over the past two years citing California wiretap laws, the new Song-Beverly disputes ask if companies are strictly acting as service providers without monetizing collected data and if it’s essential to solving business needs.
Recently, Illinois Governor JB Pritzker signed HB 3773, which amends the Illinois Human Rights Act to address employers’ use of artificial intelligence (AI). Illinois employers that use any automated tools to make employment-related decisions are encouraged to prepare for compliance with the new law, which takes effect on January 1, 2026.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!