1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
The FTC settled charges against GoDaddy for failing to implement adequate data security measures for its web hosting services, which led to multiple breaches and misled customers about its security protections. The proposed order requires GoDaddy to establish a comprehensive information security program and hire an independent assessor for regular reviews.
The FTC finalized an order against IntelliVision Technologies Corp. for making deceptive claims about its facial recognition software's accuracy and lack of bias. The company must now back up any claims with competent testing and is prohibited from misrepresenting the software's performance. No monetary penalty was imposed.
Attorney General William Tong announced that starting January 1, 2025, businesses covered by the Connecticut Data Privacy Act must honor global opt-out preference signals, allowing consumers to opt out of targeted advertising and data sales via tools like Global Privacy Control. The advisory explains requirements, notes exemptions for HIPAA-covered entities, and provides resources for compliance.
Texas Attorney General Ken Paxton announced investigations into 15 companies, including Character.AI, Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA concerning children's privacy. The investigations target practices such as unauthorized sharing of minors' personal data and failure to provide parental controls. This action is part of Texas's broader initiative to enforce data privacy laws.
Texas Attorney General Ken Paxton has launched investigations into Character.AI and fourteen other companies, including Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA regarding children's privacy and safety. The investigations focus on unauthorized sharing of minors' data and lack of parental controls. No penalties have been imposed yet as the investigations are ongoing.
Guardian Analytics, Inc. and Actimize, Inc. settled with the Connecticut Attorney General over a data breach affecting 157,629 Connecticut residents. The breach, from November 2022 to January 2023, exposed personal information due to security failures. The settlement includes a $500,000 penalty and mandatory cybersecurity improvements.
$500K
Texas Attorney General Ken Paxton settled with Pieces Technologies for making deceptive claims about the accuracy of its healthcare AI products used in Texas hospitals. The company advertised an error rate of '<1 per 100,000' which was found inaccurate. The settlement requires Pieces to accurately disclose product accuracy and ensure hospital staff understand the limitations.
Verkada, a security camera company, failed to secure customer data, leading to a hacker accessing over 150,000 cameras and sensitive health information. The company also violated the CAN-SPAM Act by sending spam emails without proper opt-out mechanisms. To settle, Verkada will pay $2.95 million and implement a comprehensive security program with audits.
$3.0M
Attorney General William Tong, along with the U.S. Department of Justice and eight other state attorneys general, filed a civil antitrust lawsuit against RealPage Inc. for allegedly using its algorithmic pricing software to facilitate price fixing among landlords and monopolize the market for revenue management software. The complaint alleges that RealPage collects competitively sensitive rental data from landlords to train its algorithm, which then recommends prices, harming renters by reducing competition. The lawsuit seeks an injunction to end these practices and restore competition.
Texas Attorney General Ken Paxton secured a $1.4 billion settlement with Meta over the company’s decade-long unauthorized capture of Texans’ facial geometry via its Tag Suggestions feature, which used facial recognition software without providing notice or obtaining informed consent. The practices violated Texas’s Capture or Use of Biometric Identifier Act (CUBI) and Deceptive Trade Practices Act, as Meta automatically enabled the feature for all Texans without explaining its functionality or seeking permission. This is the largest privacy settlement ever obtained by a single state attorney general, with Meta required to pay the penalty over five years and cease the unlawful biometric data practices.
$1.4B
NGL Labs, LLC and its founders were sued by the FTC and Los Angeles DA for marketing an anonymous messaging app to children and teens, making false claims about AI content moderation, sending fake messages to boost engagement, and violating COPPA by collecting kids' data without parental consent. They must pay $5 million, with $500,000 as a civil penalty and $4.5 million for consumer redress, and are banned from offering the app to users under 18. The order requires age gates, data deletion, and prohibits false claims about AI and recurring charges.
$500K
The FTC settled with NGL for deceptively marketing its anonymous messaging app to children and teens, using fake messages to trick users into paid subscriptions without proper consent. The order banned marketing to users under 18 and required $4.5 million in refunds for unauthorized charges.
$4.5M
The FTC finalized an order against Avast for selling consumers' web browsing data for advertising after promising privacy protection. Avast must pay $16.5 million, is banned from selling such data, must delete collected data, obtain consent, notify consumers, and implement a privacy program.
$16.5M
California Attorney General Rob Bonta announced a $6.75 million settlement with software company Blackbaud over a 2020 data breach that exposed consumers' personal information including Social Security numbers, bank account details, and medical data. Blackbaud was found to have inadequate data security practices, failed to timely and accurately notify impacted individuals of the breach, and made misleading public disclosures about the breach and its pre-breach security measures. The settlement requires Blackbaud to pay penalties and implement enhanced data security and breach notification protocols.
$6.8M
The FTC finalized a consent order against Blackbaud Inc. for alleged security failures that led to a data breach exposing personal data of millions of consumers. Blackbaud must delete unnecessary data, implement a security program, and not misrepresent its policies. No monetary penalty was imposed.
Connecticut, along with the U.S. Department of Justice and 15 other states, has filed a civil antitrust lawsuit against Apple Inc. for monopolizing smartphone markets in violation of the Sherman Act. The complaint alleges Apple engages in anticompetitive conduct such as blocking innovative apps, suppressing cloud streaming services, and limiting interoperability to maintain its monopoly and impose high costs on consumers and developers. The plaintiffs seek equitable relief to restore competition.
The FTC settled with Avast for deceiving customers by claiming its antivirus software blocked tracking while secretly collecting and selling browsing data. Avast must pay $16.5 million in refunds and is banned from such practices. The FTC is now processing claims for affected consumers.
$16.5M
The FTC has proposed amendments to the COPPA Rule to enhance children's privacy protections. Key changes include requiring separate parental consent for targeted advertising, prohibiting conditioning access on data collection, limiting push notifications, strengthening data security and retention requirements, and restricting commercial use in educational technology. The proposal shifts responsibility from parents to companies to safeguard children's data.
Attorney General William Tong announced details for consumers to receive restitution from a $700 million antitrust settlement with Google. The settlement, secured in December 2023 by a coalition of 53 attorneys general, addresses Google's monopoly in the Google Play Store that led to inflated fees for consumers. Eligible consumers who made purchases between August 2016 and September 2023 will receive automatic payments via PayPal or Venmo.
$700.0M
Blackbaud, a cloud company providing donor management software, experienced a 2020 data breach exposing personal information of millions of donors through its nonprofit customers. A multistate investigation found Blackbaud failed to implement adequate data security and delayed breach notifications. As a result, Blackbaud agreed to pay $49.5 million and overhaul its security practices.
$49.5M
Blackbaud, a software company, experienced a ransomware attack in 2020 that exposed sensitive personal information, including protected health data, due to inadequate security practices and delayed breach notification. A multistate investigation resulted in a $49.5 million settlement, requiring Blackbaud to enhance data security, implement breach response plans, and undergo third-party assessments.
$49.5M
California Attorney General Rob Bonta announced a $93 million settlement with Google resolving allegations that the company violated state consumer protection laws through deceptive location-privacy practices. Google was accused of falsely telling users that turning off the “Location History” setting would stop location data collection, while continuing to collect and use location data for user profiling and targeted advertising without informed consent. In addition to the monetary penalty, Google must implement several injunctive measures to increase transparency and user control over location tracking.
$93.0M
Attorney General William Tong released guidance advising Connecticut consumers of new privacy rights under the Connecticut Data Privacy Act (CTDPA), effective July 1, 2023. The CTDPA grants consumers rights to access, correct, delete, and opt-out of the sale of personal data and targeted advertising. Businesses must comply with these requirements, obtain consent for sensitive data and children's data, and maintain privacy notices.
Connecticut led a multistate settlement with JUUL Labs for $438.5 million over allegations of marketing vaping products to underage youth. The settlement funds are being directed to Regional Behavioral Health Action Organizations through new legislation to combat youth vaping, with requirements for transparency and evidence-based programs.
$438.5M
The FTC and DOJ charged Amazon with violating COPPA by indefinitely retaining children's Alexa voice recordings and failing to honor parents' deletion requests. Under a proposed consent decree, Amazon must pay $25 million, delete children's data, and implement privacy safeguards.
$25.0M
The FTC charged Ring LLC with allowing employees to access private customer videos without consent and failing to secure user accounts, leading to hackers controlling cameras. Under a proposed consent order, Ring must pay $5.8 million in refunds, delete unlawfully accessed data, and implement a privacy and security program.
$5.8M
The FTC settled with Ring for failing to secure consumer videos, allowing unauthorized access by employees and hackers. Ring agreed to provide $5.6 million in refunds to affected customers and implement security measures.
$5.6M
Connecticut Attorney General William Tong filed a lawsuit against Vision Solar, LLC for engaging in predatory high-pressure sales tactics, misrepresenting financing and tax credits, and performing unpermitted work that left homeowners with nonfunctioning systems and unaffordable loans. The action seeks restitution for consumers, civil penalties, and injunctive relief to stop the company's unfair and deceptive practices.
Google settled with 40 state attorneys general over allegations that it misled consumers about location tracking practices. Google will pay $391.5 million and must enhance transparency and user controls for location data collection.
$391.5M
Connecticut and 39 other states secured a $391.5 million settlement with Google for misleading consumers about location tracking and continuing to collect data after users opted out. The settlement mandates Google to enhance transparency and user controls for location settings, including clear disclosures and user-friendly account controls.
$391.5M
All data sourced from official government enforcement pages.