Penalty Amount
$250,000
California Attorney General Xavier Becerra announced a settlement with Glow, Inc., operator of a fertility-tracking mobile app, over privacy and security failures that risked exposing millions of users’ sensitive personal and medical information. The settlement includes a $250,000 civil penalty and injunctive terms requiring Glow to implement privacy and security design principles, obtain affirmative user consent for data sharing, and allow users to revoke consent. Glow was alleged to have failed to safeguard health information, allowed unauthorized access to user data, and maintained flawed password reset functions that could enable third-party access without consent.
Glow must pay a $250,000 civil penalty. It is required to incorporate privacy and security design principles into its mobile apps, obtain affirmative user consent before sharing or disclosing personal, medical, or sensitive information, allow users to revoke previously granted consent, and consider how privacy or security lapses uniquely impact women. Glow must also comply with all applicable state consumer protection and privacy laws.
In-house legal teams should review privacy, data processing, and security clauses in user agreements, vendor contracts for third-party service providers handling user data, and public privacy policies. Specifically, teams must ensure clauses require affirmative user consent prior to sharing or disclosing sensitive or health data, include clear mechanisms for users to revoke consent, mandate implementation of privacy-by-design and security principles (including secure password reset functions), and require robust safeguards for medical and personal information. Additionally, contracts with app developers or technology vendors should include specific security requirements for access controls and password functions to prevent unauthorized data access.
Entity
Glow, Inc.
Also known as: Glow
Industry
TechnologyOfficial Press Release
https://oag.ca.gov/news/press-releases/attorney-general-becerra-announces-landmark-settlement-against-glow-inc-–
2020 09 17 People v Upward Labs Complaint
https://oag.ca.gov/sites/default/files/2020%2009-17%20-%20People%20v%20Upward%20Labs%20-%20Complaint.pdf
People v. Glow Final Judgment and Permanent Injunction 0
https://oag.ca.gov/sites/default/files/People%20v.%20Glow%20-%20Final%20Judgment%20and%20Permanent%20Injunction%20-%2007374856.pdf
California Attorney General Enforcement Page
https://oag.ca.gov/privacy/privacy-enforcement-actions
"Glow, Inc. (Glow), a technology company that operates a fertility-tracking mobile app that stores personal and medical information"
"Thursday, September 17, 2020"
"$250,000 civil penalty"
"Failed to adequately safeguard health information;"
"Allowed access to user’s information without the user’s consent;"
"Additional security problems with the app's password change function could have allowed third parties to reset user account passwords and access information in those accounts without user consent."
California Attorney General Rob Bonta, joined by attorneys general from seven other states, filed a lawsuit to block the $6.2 billion merger between Nexstar Media Group and Tegna Inc. The lawsuit alleges the merger violates Section 7 of the Clayton Act by reducing competition in local TV markets, leading to higher prices, less local news, and job losses.
California Attorney General Rob Bonta filed a lawsuit against the U.S. Department of Education to block the expansion of IPEDS data collection requiring colleges to submit race-linked student data. The lawsuit argues the demand is arbitrary, capricious, and burdensome, and could enable costly partisan investigations. A multistate coalition co-led the challenge.
California Attorney General Rob Bonta and a coalition of state attorneys general announced they will continue their antitrust lawsuit against Live Nation/Ticketmaster after the U.S. Department of Justice settled the case. The states aim to hold Live Nation accountable for anticompetitive conduct that harms consumers, artists, and venues in the live music industry.
$376K
The California Privacy Protection Agency (CalPrivacy) settled with Ford Motor Company requiring the company to pay a $375,703 fine and change its practices. Ford violated the CCPA by requiring consumers to complete an email verification step before they could opt-out of the sale and sharing of their personal information collected through digital properties and connected vehicle services. In addition to the fine, Ford must provide easy methods to submit opt-out requests with minimal steps, audit its tracking technologies, and ensure compliance with opt-out preference signals including Global Privacy Control.
California Attorney General Rob Bonta, co-leading a bipartisan coalition of 21 attorneys general and charitable regulators, sent a letter to GoFundMe demanding the platform remove all plagiarized donation web pages for over 1.4 million charities, disclose information about donations, and ensure pages do not outrank official charity sites in search results. The action follows reports that GoFundMe used charities' information without consent and engaged in deceptive solicitations, violating state charitable solicitation and consumer protection laws.
California Attorney General Rob Bonta sent a letter to the U.S. Department of Health and Human Services opposing a proposed rule that would eliminate model card requirements for AI tools in healthcare, warning that such rollbacks could lead to biased and unsafe healthcare decisions by reducing transparency.