Privacy and consumer protection enforcement actions against technology companies.
127
Total Actions
$11.4B
Total Fines
Texas Attorney General Ken Paxton launched an investigation into Meta's Meta AI Glasses over allegations of unlawful facial biometric data collection, deceptive privacy practices, and unauthorized sharing of user data with subcontractors. The investigation follows concerns that the glasses' always-on recording mode lacks proper user notice, planned facial recognition features would collect data without consent, and private user videos are accessed by third-party annotators in Kenya. The AG issued a Civil Investigative Demand to Meta to determine violations of Texas privacy laws.
Texas Attorney General Ken Paxton launched an investigation into Meta regarding its Meta AI Glasses, alleging unlawful collection of facial biometric data, deceptive privacy representations, and unauthorized sharing of user data with subcontractors. The investigation follows concerns that the glasses’ always-on recording mode lacks proper notice, subcontractors access private user content including intimate moments, and Meta plans to deploy facial recognition technology to collect unsuspecting individuals’ facial geometry. The AG issued a Civil Investigative Demand to determine if Meta violated Texas law by deceptively misrepresenting its data use practices.
The FTC sent warning letters to 12 companies offering 'nudify' tools that generate nonconsensual intimate images, for failing to comply with the TAKE IT DOWN Act (TIDA) by not providing a mechanism for victims to request removal of such content. The letters urge immediate compliance with TIDA, which requires platforms to remove nonconsensual intimate images within 48 hours of a valid request. Noncompliant companies may face future legal action and civil penalties of up to $53,088 per violation.
Federal Trade Commission Chairman Andrew N. Ferguson sent letters to over a dozen major technology companies reminding them of their obligation to comply with the Take It Down Act (TIDA) by May 19, 2026. TIDA requires covered platforms to establish a process for victims, including children, to request removal of nonconsensual intimate images, with takedown of content and all identical copies required within 48 hours of a valid request. The FTC also issued supplemental guidance to help companies prepare for compliance and warned that it will monitor and enforce violations of the law.
Texas Attorney General Ken Paxton initiated an investigation into Drone Nerds, LLC over its partnership with CCP-affiliated Anzu Robotics, which markets drones with concealed surveillance capabilities and unauthorized data collection risks. Drone Nerds is accused of deceiving Texas consumers by misrepresenting Anzu’s ties to China and falsely claiming the drones are U.S.-based with secure privacy practices. The investigation is being conducted under the Texas Deceptive Trade Practices Act, with a Civil Investigative Demand issued to gather evidence of consumer deception and privacy violations.
Consumer fraud enforcement action where the FTC settled with Air AI for misleading entrepreneurs with false earnings and refund guarantees. The company will be banned from marketing business opportunities and pay a suspended $18 million judgment with $50,000 for consumer relief. Violations included failure to provide required disclosures and false claims under the Telemarketing Sales Rule and Business Opportunity Rule.
$18.0M
Antitrust enforcement action where Oregon Attorney General and a coalition of states filed a court brief opposing the $14 billion merger settlement between Hewlett Packard Enterprises and Juniper Networks, citing anticompetitive concerns and a corrupted process at the U.S. Department of Justice.
The Connecticut Attorney General announced a $100,000 settlement with Spruce Power 3, LLC to resolve an investigation into billing, customer service, and warranty issues stemming from consumer complaints. The settlement includes refunds for improper charges and requires reforms to improve billing practices and response times. Separately, an investigation was initiated into SunStrong Management LLC based on approximately 65 consumer complaints regarding warranty failures, unresponsiveness, and fees.
$100K
The California Privacy Protection Agency settled with PlayOn Sports for $1.10 million over CCPA violations, including failing to provide adequate opt-out mechanisms and improperly tracking users, particularly students. The company must implement proper opt-out methods, improve disclosures, and comply with children's data consent requirements.
$1.1M
California Attorney General Rob Bonta, co-leading a bipartisan coalition of 21 attorneys general and charitable regulators, sent a letter to GoFundMe demanding the platform remove all plagiarized donation web pages for over 1.4 million charities, disclose information about donations, and ensure pages do not outrank official charity sites in search results. The action follows reports that GoFundMe used charities' information without consent and engaged in deceptive solicitations, violating state charitable solicitation and consumer protection laws.
Texas Attorney General Ken Paxton reached an agreement with Samsung Electronics America, Inc. to stop collecting Automated Content Recognition (ACR) data from smart TVs without consumers' express consent. Samsung must update its smart TVs to provide clear and conspicuous disclosures and obtain consent before any data collection, ensuring Texans are informed and in control of their viewing data.
The FTC issued a policy statement announcing that it will not enforce the COPPA Rule against website and online service operators that use age verification technologies solely to determine user age, provided they comply with conditions such as limiting data use, ensuring security, and providing clear notice. This policy aims to incentivize age verification tools to protect children online.
The FTC issued a policy statement announcing it will not enforce COPPA against operators that collect age verification data under specific conditions. The policy aims to encourage the use of age verification technologies to protect children online. Operators must limit data use, ensure security, provide notice, and use accurate verification methods.
Texas Attorney General Ken Paxton filed a lawsuit against Temu (PDD Holdings, Inc. and WhaleCo Inc.) for deceptive marketing practices and illegally harvesting Texans' personal data, which was then exposed to the Chinese Communist Party. The suit seeks monetary damages under the Texas Deceptive Trade Practices Act, with potential penalties of up to $10,000 per violation and higher for seniors. This is part of a broader effort to hold CCP-aligned companies accountable.
Texas Attorney General Ken Paxton filed a lawsuit against TP-Link Systems Inc. for deceptively marketing its networking devices and enabling the Chinese Communist Party to access American consumers' devices. The lawsuit alleges that TP Link's products have been used by PRC state-sponsored hackers and that the company is subject to Chinese laws requiring data disclosure. This is part of a coordinated effort to hold China-aligned companies accountable under Texas law.
Texas Attorney General Ken Paxton issued Civil Investigative Demands to Blue Cross Blue Shield of Texas and Conduent Business Services LLC as part of an investigation into a data breach that exposed the protected health information of approximately four million Texans. The breach, which occurred between October 21, 2024 and January 13, 2025, is believed to be the largest in U.S. history. The investigation focuses on Conduent's security measures and BCBS's compliance with state data protection laws.
A bipartisan coalition of 35 state attorneys general led by New York Attorney General Letitia James sent a demand letter to xAI on January 26, 2026, requiring the company to address its Grok chatbot’s creation and sharing of nonconsensual intimate images, including child sexual abuse material. The AGs demand that xAI implement safeguards to prevent Grok from generating such content, delete existing harmful content, suspend offending users, and give X users control over whether their content can be edited by Grok. No monetary penalty has been imposed as this is a pre-enforcement demand for action.
California Attorney General Rob Bonta sent a cease and desist letter to xAI, demanding the company immediately stop the creation and distribution of deepfake, nonconsensual intimate images and child
New Jersey Attorney General Matthew Platkin announced a settlement with Apple Inc. over allegations of widespread merchandise pricing violations at 11 Apple stores statewide, including failure to display required pricing information and refund policies. Apple agreed to pay a $150,000 civil penalty, the largest-ever under New Jersey's Merchandise Pricing Act, and implement revised business practices to ensure clear pricing and refund policy disclosures. The settlement resolves violations of the New Jersey Consumer Fraud Act and the 2017 consent order previously entered into by Apple.
$150K
Consumer fraud case where the FTC sued JustAnswer LLC for deceiving consumers into enrolling in a costly recurring monthly subscription by falsely claiming low one-time fees. The company did not obtain affirmative consent or clearly disclose subscription terms, violating ROSCA and the FTC Act. The FTC seeks an injunction, consumer refunds, and civil penalties.
Texas Attorney General Ken Paxton filed a lawsuit against Sony, Samsung, LG, Hisense, and TCL Technology Group for using Automated Content Recognition (ACR) technology to collect Texans' viewing data without proper consent. A temporary restraining order was secured against Hisense to halt all data collection and sharing. The AG issued a consumer alert with instructions to disable ACR on smart TVs.
Texas Attorney General Ken Paxton obtained a temporary restraining order against Hisense, a Chinese smart TV manufacturer, to halt its collection of Texans' personal data through Automated Content Recognition technology without consent. The technology captures every sound and image on the TVs every 500 milliseconds and sells the data, with access granted to the Chinese Communist Party. The TRO prohibits Hisense from collecting, using, selling, sharing, disclosing, or transferring ACR data about Texans while the case continues.
Texas Attorney General Ken Paxton has filed lawsuits against five major TV manufacturers—Sony, Samsung, LG, Hisense, and TCL—for unlawfully collecting Texans' viewing data using Automated Content Recognition (ACR) technology without their knowledge or consent. The ACR software captures screenshots of TV displays every 500 milliseconds and transmits the data to the companies, which then sell it for targeted advertising. The AG's office alleges these practices violate Texas privacy laws and seeks to enjoin the companies from continuing the surveillance.
Connecticut Attorney General William Tong, along with the FTC and 21 other states and counties, filed a lawsuit against Uber Technologies, LLC and Uber USA, LLC for deceptive practices related to their Uber One subscription service. The lawsuit alleges Uber used negative option marketing, misled consumers about savings, made cancellation difficult, and charged consumers prematurely. The action seeks restitution, penalties, and an injunction under the Connecticut Unfair Trade Practices Act and the Restore Online Shoppers' Confidence Act.
Texas Attorney General Ken Paxton filed a lawsuit against five major TV manufacturers—Sony, Samsung, LG, Hisense, and TCL—for illegally collecting consumers' viewing data through Automated Content Recognition (ACR) technology without knowledge or consent. The companies capture screenshots and monitor TV usage in real-time, then sell the data for targeted advertising, risking sensitive information. The suit seeks to halt these invasive practices and protect Texans' privacy.
New Jersey Attorney General Matthew Platkin announced that New Jersey is joining a coalition of 22 states in suing Uber for deceptive practices related to its Uber One subscription service. The lawsuit alleges that Uber enrolled consumers without their knowledge and made cancellation extremely difficult, seeking restitution, penalties, and an injunction under New Jersey's Consumer Fraud Act and the Restore Online Shoppers' Confidence Act.
A bipartisan coalition of 42 attorneys general sent a letter to major AI software companies demanding safeguards to protect users from harmful chatbot interactions. The letter cites multiple incidents of mental health struggles, self-harm, and deaths, particularly affecting children and vulnerable populations. Companies are asked to implement safety testing, recall procedures, and clear warnings by January 16, 2026.
Texas Attorney General Ken Paxton filed a lawsuit against Epic Systems Corporation, a major electronic health records vendor, alleging unlawful monopolization of the EHR industry and deceptive practices that restrict parental access to minor children’s medical records. The privacy-related claim asserts Epic automatically hides children’s medication lists, treatment notes, and provider messages from parents when a child turns 12, violating Texas law guaranteeing parents unrestricted access to their children’s medical records. The action is part of broader efforts to ensure EHR vendors comply with Texas parental access requirements and promote market competition.
New Jersey Attorney General Matthew Platkin is leading a bipartisan coalition of 42 attorneys general in sending a letter to 13 tech companies, demanding that they implement safeguards for their AI chatbots to prevent harmful interactions such as sexually explicit conversations with children, encouraging self-harm, and spurring violence, following reports of serious incidents including deaths and self-harm.
Antitrust enforcement action where Oregon Attorney General Dan Rayfield secured a $700 million settlement from Google for anticompetitive practices in the Google Play Store. The settlement will provide automatic payouts to consumers who made purchases between August 2016 and September 2023, and requires Google to change its practices to stop the anticompetitive conduct. The settlement is pending court approval as of April 30, 2026.
$700.0M
Florida Attorney General James Uthmeier issued an investigative subpoena to TP-Link Systems Inc. as part of a consumer protection investigation into the company’s cybersecurity practices, supply-chain infrastructure, and handling of U.S. consumer data, including allegations of unauthorized data sharing with the Chinese Communist Party. The probe will determine if TP-Link misled customers about foreign government access to their personal data, which would violate the Florida Deceptive and Unfair Trade Practices Act, with no findings of wrongdoing yet.
New York, California, and Connecticut attorneys general reached a $5.1 million settlement with educational technology company Illuminate Education, Inc. for failing to protect student data, resulting in a 2022 breach exposing millions of students’ personal information. The investigation found Illuminate failed to implement basic security measures including data encryption, suspicious activity monitoring, and proper decommissioning of inactive user accounts, and did not delete student data when required by contracts. Illuminate must pay the penalty and implement enhanced data security measures including a comprehensive information security program, encryption of student data, and annual notice to schools about data collection and deletion options.
$5.1M
Connecticut Attorney General William Tong, along with California and New York Attorneys General, settled with Illuminate Education, Inc. for failing to protect student data in a breach that exposed personal information of millions of students. The settlement, the first under Connecticut's Student Data Privacy Law, requires Illuminate to pay $5.1 million and implement enhanced cybersecurity measures.
$5.1M
California Attorney General Rob Bonta, joined by Connecticut and New York Attorneys General, secured a $5.1 million multistate settlement with edtech company Illuminate Education, Inc. over a 2021 data breach that exposed sensitive personal and medical information of millions of students, including over 434,000 California students. The investigation found Illuminate failed to implement basic security measures, including failing to terminate former employee credentials, lacking suspicious activity monitoring, and unsecured backup databases, as well as making false statements in its privacy policy. Illuminate must pay $3.25 million to California, implement enhanced security practices, and notify the CA DOJ of future student data breaches.
$5.1M
Texas Attorney General Ken Paxton secured a $1.375 billion settlement with Google for unlawfully tracking Texans' geolocation data, incognito browsing activity, and biometric identifiers without consent. This is the largest single-state privacy settlement against Google, significantly larger than multistate settlements. The agreement resolves two major privacy enforcement actions brought by Texas.
$1.4B
Texas Attorney General Ken Paxton opened an investigation into Lorex Technology Inc. for allegedly deceptively selling security cameras with components from CCP-linked Dahua, posing privacy and national security risks. The investigation will determine if Lorex misrepresented the cameras as secure and safe for residential use despite known supply chain vulnerabilities and federal restrictions on Dahua products.
The California Attorney General conducted an investigation into OpenAI's recapitalization plan and secured a memorandum of understanding ensuring charitable assets are used for their intended purpose, safety is prioritized, and OpenAI remains in California. The AG will not oppose the plan and will monitor ongoing adherence to these commitments.
Florida Attorney General James Uthmeier filed a civil enforcement action against Roku, Inc. for violating the Florida Digital Bill of Rights (FDBOR) and Florida Deceptive and Unfair Trade Practices Act (FDUTPA). The complaint alleges Roku collected, sold, and enabled reidentification of children’s sensitive personal data, including viewing habits and voice recordings, without parental consent or meaningful notice to consumers. The state seeks civil penalties, injunctive relief, and requirements for Roku to implement transparent disclosures, lawful parental controls, and cease unauthorized processing of children’s data.
The Texas Attorney General opened an investigation into TP-Link Systems Inc. for potentially allowing the Chinese government to access Texans' consumer data through back doors in networking equipment. The investigation will examine whether TP Link violated Texas privacy law by misleading consumers about its independence and improperly collecting or disclosing data. This follows a prior privacy notice violation issued to the company.
The FTC filed a complaint against Iconic Hearts Holdings, Inc., operator of the Sendit anonymous messaging app, for unlawfully collecting personal data from children in violation of COPPA, misleading users by sending messages from fake personas, and tricking consumers into paid subscriptions by falsely promising to reveal anonymous senders.
The FTC secured a $2.5 billion settlement with Amazon, including a $1 billion civil penalty and $1.5 billion in consumer refunds, for enrolling millions of consumers in Prime subscriptions without proper consent and designing a deliberately difficult cancellation process. The order requires Amazon to implement clear enrollment disclosures, an easy cancellation method, and cease the unlawful practices.
$1.0B
The FTC issued 6(b) orders to seven technology companies to investigate the safety and privacy practices of their AI chatbots, particularly regarding impacts on children and teens. The inquiry focuses on compliance with children's privacy laws, data handling, and disclosures, requiring companies to provide information on these aspects.
The FTC settled allegations against Apitor Technology for violating COPPA by allowing a third party to collect geolocation data from children without parental consent. Apitor must pay a $500,000 suspended fine, delete improperly collected data, and implement measures to comply with COPPA, including obtaining parental consent and notifying parents.
$500K
Texas Attorney General Ken Paxton filed a lawsuit against PowerSchool, a provider of cloud-based services for K-12 schools, following a data breach that exposed the personal and health information of over 880,000 Texas school-aged children and teachers. The breach occurred in December 2024 when a hacker gained administrative access through a subcontractor's account and stole unencrypted data including Social Security numbers, medical details, and disability records. The lawsuit alleges PowerSchool violated Texas law by failing to implement basic security measures and by misleading customers about its security practices.
Florida Attorney General James Uthmeier issued a subpoena to Lorex as part of an ongoing consumer protection and data privacy investigation. The probe examines Lorex’s ties to Dahua Technology and potential foreign spying risks, including unauthorized access to children’s data, and whether the company misled consumers about the privacy and security of its camera products and apps. The subpoena seeks documents related to corporate structure, third-party contracts, software update origins, data center locations, security vulnerabilities, and marketing claims about privacy and security.
FTC Chairman Andrew Ferguson sent warning letters to major technology companies, urging them not to weaken data security or censor American consumers' speech in response to foreign government demands. He reminded them that such actions could violate the FTC Act's prohibition on unfair and deceptive practices, particularly if companies break promises about encryption and security. The letters cite foreign laws like the EU's Digital Services Act and UK's Investigatory Powers Act as pressures that might lead to non-compliance.
FTC Chairman Andrew Ferguson sent warning letters to over a dozen major technology companies, reminding them of their obligations under the FTC Act to protect American consumers' data security and privacy, even when facing pressure from foreign governments to weaken encryption or censor content. The letters warn that weakening security measures or censoring speech in response to foreign demands could constitute deceptive practices under the FTC Act.
Texas Attorney General Ken Paxton opened an investigation into Meta and Character.AI via Civil Investigative Demands, alleging deceptive trade practices including misrepresenting AI chatbots as confidential mental health tools while harvesting user data for targeted advertising. The probe assesses potential violations of Texas consumer protection laws and the SCOPE Act, particularly regarding privacy misrepresentations, concealment of data usage, and harms to children. This builds on prior investigations into Character.AI for SCOPE Act compliance.
Texas Attorney General Ken Paxton has opened an investigation into Meta AI Studio and Character.AI for deceptive practices in marketing AI chatbots as mental health services to children. The platforms are accused of impersonating licensed professionals, fabricating qualifications, and exploiting user data for advertising without proper disclosure. Civil Investigative Demands have been issued to examine violations of Texas consumer protection laws and the SCOPE Act.
Texas Attorney General Ken Paxton announced a comprehensive privacy enforcement initiative, achieving record settlements with Meta ($1.4B) and Google ($1.375B) for biometric and geolocation data violations, suing General Motors and TikTok, and investigating numerous companies for children's data and AI practices. The AG's office has enforced multiple Texas privacy laws and registered over 200 data brokers.
$2.8B
The FTC settled charges against GoDaddy Inc. and GoDaddy.com, LLC for misleading customers about their data security protections and failing to adequately secure their website hosting services. The company's security failures left customers' and website visitors' data vulnerable to attacks. The final order requires GoDaddy to implement comprehensive data security measures.
The FTC finalized an order with GoDaddy for failing to implement adequate data security measures and misleading consumers about its security and Privacy Shield compliance. The order prohibits misrepresentations, requires a comprehensive security program, and mandates independent assessments.
The FTC settled charges against GoDaddy Inc. and GoDaddy.com, LLC for misleading customers about their data security protections and failing to adequately secure their website hosting services. The company allegedly did not implement reasonable security measures, leaving customer websites vulnerable to attacks that could harm both the customers and visitors to those sites. The case resulted in a consent order requiring GoDaddy to improve its security practices.
Attorney General Ken Paxton sued Google for unlawfully tracking and collecting Texans' private data, including geolocation, incognito searches, and biometric data. The case resulted in a $1.375 billion settlement, the largest ever against Google for state privacy enforcement, marking a major win for data privacy rights.
$1.4B
Texas Attorney General Ken Paxton has notified several Chinese companies, including TP-Link, Alibaba, and CapCut, that they are violating the Texas Data Privacy and Security Act (TDPSA). The companies must comply with TDPSA requirements to disclose data processing, allow consumer opt-outs, and enable data deletion within 30 days. Failure to comply will result in further legal action.
Texas Attorney General Ken Paxton announced legal action against several Chinese companies, including TP-Link, Alibaba, and CapCut, for violating the Texas Data Privacy and Security Act (TDPSA). The companies have been given 30 days to comply with requirements to disclose data processing, allow consumers to opt out of data collection, and enable data deletion. Failure to comply will result in further legal action to protect Texans' privacy rights and prevent data from being accessed by the Chinese Communist Party.
Texas Attorney General Ken Paxton issued a 30-day compliance notice to TP-Link, Alibaba, CapCut, and other CCP-affiliated Chinese companies for violating the Texas Data Privacy and Security Act (TDPSA). The companies are accused of failing to disclose consumer data processing activities, allow opt-out of data collection, and enable consumer data deletion as required by Texas law. If the companies do not comply within 30 days, the Attorney General's office will pursue additional legal action.
Texas Attorney General Ken Paxton has issued notices to several Chinese companies, including TP-Link, Alibaba, and CapCut, for violating the Texas Data Privacy and Security Act (TDPSA). The companies must comply with TDPSA's requirements to disclose data processing, allow opt-outs, and enable data deletion within 30 days, or face further legal action.
Texas Attorney General Ken Paxton announced an investigation into Chinese AI company DeepSeek for alleged violations of the Texas Data Privacy and Security Act, citing concerns over the company’s privacy practices and ties to the Chinese Communist Party. The AG also notified DeepSeek of the alleged violations, issued a ban on DeepSeek’s platform on all Office of the Attorney General devices, and sent third-party Civil Investigative Demands to Google and Apple for documentation related to the DeepSeek app. The investigation stems from allegations that DeepSeek acts as a proxy for the CCP to steal Texas citizens’ data and undermine U.S. AI dominance.
New York Attorney General Letitia James secured a $450,000 settlement from three companies distributing eufy-branded home security cameras for failing to implement adequate data security measures. The companies’ cameras had unencrypted video streams accessible without authentication, exposing private consumer footage. The settlement requires the companies to implement stronger security protocols, including encryption, vulnerability testing, and a comprehensive information security program.
$450K
The FTC settled charges against GoDaddy for failing to implement adequate data security measures for its web hosting services, which led to multiple breaches and misled customers about its security protections. The proposed order requires GoDaddy to establish a comprehensive information security program and hire an independent assessor for regular reviews.
The FTC finalized an order against IntelliVision Technologies Corp. for making deceptive claims about its facial recognition software's accuracy and lack of bias. The company must now back up any claims with competent testing and is prohibited from misrepresenting the software's performance. No monetary penalty was imposed.
Attorney General William Tong announced that starting January 1, 2025, businesses covered by the Connecticut Data Privacy Act must honor global opt-out preference signals, allowing consumers to opt out of targeted advertising and data sales via tools like Global Privacy Control. The advisory explains requirements, notes exemptions for HIPAA-covered entities, and provides resources for compliance.
Texas Attorney General Ken Paxton announced investigations into 15 companies, including Character.AI, Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA concerning children's privacy. The investigations target practices such as unauthorized sharing of minors' personal data and failure to provide parental controls. This action is part of Texas's broader initiative to enforce data privacy laws.
Texas Attorney General Ken Paxton has launched investigations into Character.AI and fourteen other companies, including Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA regarding children's privacy and safety. The investigations focus on unauthorized sharing of minors' data and lack of parental controls. No penalties have been imposed yet as the investigations are ongoing.
Guardian Analytics, Inc. and Actimize, Inc. settled with the Connecticut Attorney General over a data breach affecting 157,629 Connecticut residents. The breach, from November 2022 to January 2023, exposed personal information due to security failures. The settlement includes a $500,000 penalty and mandatory cybersecurity improvements.
$500K
Texas Attorney General Ken Paxton settled with Pieces Technologies for making deceptive claims about the accuracy of its healthcare AI products used in Texas hospitals. The company advertised an error rate of '<1 per 100,000' which was found inaccurate. The settlement requires Pieces to accurately disclose product accuracy and ensure hospital staff understand the limitations.
Verkada, a security camera company, failed to secure customer data, leading to a hacker accessing over 150,000 cameras and sensitive health information. The company also violated the CAN-SPAM Act by sending spam emails without proper opt-out mechanisms. To settle, Verkada will pay $2.95 million and implement a comprehensive security program with audits.
$3.0M
Attorney General William Tong, along with the U.S. Department of Justice and eight other state attorneys general, filed a civil antitrust lawsuit against RealPage Inc. for allegedly using its algorithmic pricing software to facilitate price fixing among landlords and monopolize the market for revenue management software. The complaint alleges that RealPage collects competitively sensitive rental data from landlords to train its algorithm, which then recommends prices, harming renters by reducing competition. The lawsuit seeks an injunction to end these practices and restore competition.
Texas Attorney General Ken Paxton secured a $1.4 billion settlement with Meta over the company’s decade-long unauthorized capture of Texans’ facial geometry via its Tag Suggestions feature, which used facial recognition software without providing notice or obtaining informed consent. The practices violated Texas’s Capture or Use of Biometric Identifier Act (CUBI) and Deceptive Trade Practices Act, as Meta automatically enabled the feature for all Texans without explaining its functionality or seeking permission. This is the largest privacy settlement ever obtained by a single state attorney general, with Meta required to pay the penalty over five years and cease the unlawful biometric data practices.
$1.4B
NGL Labs, LLC and its founders were sued by the FTC and Los Angeles DA for marketing an anonymous messaging app to children and teens, making false claims about AI content moderation, sending fake messages to boost engagement, and violating COPPA by collecting kids' data without parental consent. They must pay $5 million, with $500,000 as a civil penalty and $4.5 million for consumer redress, and are banned from offering the app to users under 18. The order requires age gates, data deletion, and prohibits false claims about AI and recurring charges.
$500K
The FTC settled with NGL for deceptively marketing its anonymous messaging app to children and teens, using fake messages to trick users into paid subscriptions without proper consent. The order banned marketing to users under 18 and required $4.5 million in refunds for unauthorized charges.
$4.5M
The FTC finalized an order against Avast for selling consumers' web browsing data for advertising after promising privacy protection. Avast must pay $16.5 million, is banned from selling such data, must delete collected data, obtain consent, notify consumers, and implement a privacy program.
$16.5M
California Attorney General Rob Bonta announced a $6.75 million settlement with software company Blackbaud over a 2020 data breach that exposed consumers' personal information including Social Security numbers, bank account details, and medical data. Blackbaud was found to have inadequate data security practices, failed to timely and accurately notify impacted individuals of the breach, and made misleading public disclosures about the breach and its pre-breach security measures. The settlement requires Blackbaud to pay penalties and implement enhanced data security and breach notification protocols.
$6.8M
The FTC finalized a consent order against Blackbaud Inc. for alleged security failures that led to a data breach exposing personal data of millions of consumers. Blackbaud must delete unnecessary data, implement a security program, and not misrepresent its policies. No monetary penalty was imposed.
Connecticut, along with the U.S. Department of Justice and 15 other states, has filed a civil antitrust lawsuit against Apple Inc. for monopolizing smartphone markets in violation of the Sherman Act. The complaint alleges Apple engages in anticompetitive conduct such as blocking innovative apps, suppressing cloud streaming services, and limiting interoperability to maintain its monopoly and impose high costs on consumers and developers. The plaintiffs seek equitable relief to restore competition.
The FTC settled with Avast for deceiving customers by claiming its antivirus software blocked tracking while secretly collecting and selling browsing data. Avast must pay $16.5 million in refunds and is banned from such practices. The FTC is now processing claims for affected consumers.
$16.5M
The FTC has proposed amendments to the COPPA Rule to enhance children's privacy protections. Key changes include requiring separate parental consent for targeted advertising, prohibiting conditioning access on data collection, limiting push notifications, strengthening data security and retention requirements, and restricting commercial use in educational technology. The proposal shifts responsibility from parents to companies to safeguard children's data.
Attorney General William Tong announced details for consumers to receive restitution from a $700 million antitrust settlement with Google. The settlement, secured in December 2023 by a coalition of 53 attorneys general, addresses Google's monopoly in the Google Play Store that led to inflated fees for consumers. Eligible consumers who made purchases between August 2016 and September 2023 will receive automatic payments via PayPal or Venmo.
$700.0M
Blackbaud, a cloud company providing donor management software, experienced a 2020 data breach exposing personal information of millions of donors through its nonprofit customers. A multistate investigation found Blackbaud failed to implement adequate data security and delayed breach notifications. As a result, Blackbaud agreed to pay $49.5 million and overhaul its security practices.
$49.5M
Blackbaud, a software company, experienced a ransomware attack in 2020 that exposed sensitive personal information, including protected health data, due to inadequate security practices and delayed breach notification. A multistate investigation resulted in a $49.5 million settlement, requiring Blackbaud to enhance data security, implement breach response plans, and undergo third-party assessments.
$49.5M
California Attorney General Rob Bonta announced a $93 million settlement with Google resolving allegations that the company violated state consumer protection laws through deceptive location-privacy practices. Google was accused of falsely telling users that turning off the “Location History” setting would stop location data collection, while continuing to collect and use location data for user profiling and targeted advertising without informed consent. In addition to the monetary penalty, Google must implement several injunctive measures to increase transparency and user control over location tracking.
$93.0M
Attorney General William Tong released guidance advising Connecticut consumers of new privacy rights under the Connecticut Data Privacy Act (CTDPA), effective July 1, 2023. The CTDPA grants consumers rights to access, correct, delete, and opt-out of the sale of personal data and targeted advertising. Businesses must comply with these requirements, obtain consent for sensitive data and children's data, and maintain privacy notices.
Connecticut led a multistate settlement with JUUL Labs for $438.5 million over allegations of marketing vaping products to underage youth. The settlement funds are being directed to Regional Behavioral Health Action Organizations through new legislation to combat youth vaping, with requirements for transparency and evidence-based programs.
$438.5M
The FTC and DOJ charged Amazon with violating COPPA by indefinitely retaining children's Alexa voice recordings and failing to honor parents' deletion requests. Under a proposed consent decree, Amazon must pay $25 million, delete children's data, and implement privacy safeguards.
$25.0M
The FTC charged Ring LLC with allowing employees to access private customer videos without consent and failing to secure user accounts, leading to hackers controlling cameras. Under a proposed consent order, Ring must pay $5.8 million in refunds, delete unlawfully accessed data, and implement a privacy and security program.
$5.8M
The FTC settled with Ring for failing to secure consumer videos, allowing unauthorized access by employees and hackers. Ring agreed to provide $5.6 million in refunds to affected customers and implement security measures.
$5.6M
Connecticut Attorney General William Tong filed a lawsuit against Vision Solar, LLC for engaging in predatory high-pressure sales tactics, misrepresenting financing and tax credits, and performing unpermitted work that left homeowners with nonfunctioning systems and unaffordable loans. The action seeks restitution for consumers, civil penalties, and injunctive relief to stop the company's unfair and deceptive practices.
Google settled with 40 state attorneys general over allegations that it misled consumers about location tracking practices. Google will pay $391.5 million and must enhance transparency and user controls for location data collection.
$391.5M
Connecticut and 39 other states secured a $391.5 million settlement with Google for misleading consumers about location tracking and continuing to collect data after users opted out. The settlement mandates Google to enhance transparency and user controls for location settings, including clear disclosures and user-friendly account controls.
$391.5M
Connecticut Attorney General William Tong led 34 states and territories in a $438.5 million settlement with JUUL Labs over its youth-targeted marketing and misleading practices. The settlement includes strict injunctive terms prohibiting youth marketing, certain flavors, and requiring age verification. Funds will support tobacco cessation programs.
$438.5M
Connecticut Attorney General William Tong and DCP Commissioner Michelle Seagull warned consumers about misleading marketing and high-pressure sales tactics by solar companies, citing active investigations and advising thorough research before signing solar contracts.
Connecticut Attorney General William Tong secured $1.2 million in restitution for 40,841 state consumers as part of a multistate $141 million settlement with Intuit Inc., the owner of TurboTax. The settlement resolves allegations that Intuit deceived low-income consumers into paying for tax preparation services that were offered for free through the IRS Free File program by using deceptive marketing tactics and confusing product names. Intuit must pay restitution, suspend its 'free, free, free' ad campaign, and implement business practice reforms.
$141.0M
The FTC took action against CafePress for failing to secure consumer data and covering up a major data breach. The company stored sensitive information insecurely and delayed notifying customers. As part of the settlement, Residual Pumpkin must pay $500,000 in redress, and both companies must implement comprehensive security programs.
$500K
Connecticut Attorney General filed a $5 million stipulation judgment against Safe Home Security for repeated non-compliance with court-ordered consumer protection measures, including blocking contract terminations and misrepresenting terms. The judgment requires immediate payment of $1 million and suspends $4 million pending compliance, with an independent monitor for five years.
$5.0M
The FTC settled with CafePress for failing to implement reasonable data security measures, leading to multiple breaches that exposed Social Security numbers and other sensitive data. As part of the settlement, over $370,000 in refunds are being distributed to 20,044 consumers who filed valid claims.
$370K
Connecticut Attorney General William Tong issued a public warning following the FinalSite ransomware attack that disrupted school websites and communication systems nationwide. He urged all businesses and government entities to strengthen their data security practices and provided a detailed list of preventive measures. The AG also announced a new online form to help businesses comply with breach notification obligations for Connecticut residents.
The FTC finalized an order banning Support King, LLC and its CEO from the surveillance business for selling stalkerware apps that secretly collected and shared users' personal data without consent. The order requires them to delete all illegally collected data and notify affected device owners.
The FTC banned Support King, LLC (SpyFone) and its CEO from the surveillance business for secretly harvesting and sharing users' data without consent, and ordered the deletion of all illegally collected data and notification to affected device owners. The company failed to secure the data, leading to a hack that exposed 2,200 consumers.
Attorney General William Tong of Connecticut joined a multistate coalition of 37 attorneys general in filing a lawsuit against Google alleging antitrust violations related to the Google Play Store and Google Billing. The lawsuit claims Google used its dominance to restrict competition, force developers to use Google Billing, and charge high commissions up to 30%. The action seeks to restore competition in the app market and halt Google's anticompetitive practices.