1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Texas Attorney General Ken Paxton has issued notices to several Chinese companies, including TP-Link, Alibaba, and CapCut, for violating the Texas Data Privacy and Security Act (TDPSA). The companies must comply with TDPSA's requirements to disclose data processing, allow opt-outs, and enable data deletion within 30 days, or face further legal action.
Florida Attorney General James Uthmeier filed a lawsuit against Snap, Inc., operator of Snapchat, for violating Florida’s HB3 child social media protection law and the Florida Deceptive and Unfair Trade Practices Act (FDUTPA). The suit alleges Snap knowingly allowed children under 13 to create accounts, failed to obtain parental consent for 14-15 year old users, deployed addictive dark pattern design features to children, and deceived parents about platform risks including predator access, drug sales, and harmful content. The legal action seeks to hold Snap accountable for noncompliance with Florida child safety and privacy laws.
New York Attorney General Letitia James filed a lawsuit against National General Holdings Corp and Allstate Insurance Company for failing to protect personal information and notify consumers of data breaches. The breaches exposed driver's license numbers of over 165,000 New Yorkers due to poor cybersecurity. The AG is seeking monetary penalties and an injunction.
Texas Attorney General Ken Paxton filed a lawsuit against Allstate and its subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million consumers without consent. The data, which includes precise geolocation information, was used to justify insurance premium increases. This action alleges violations of the Texas Data Privacy and Security Act (TDPSA).
Texas Attorney General Ken Paxton launched investigations into Character.AI and 14 other companies, including Reddit, Instagram, and Discord, over potential violations of children’s privacy and safety laws. The investigations focus on compliance with the SCOPE Act and Texas Data Privacy and Security Act (TDPSA), which require parental consent for sharing minors’ data and mandate notice and consent requirements for children’s personal information. No fines or remedies have been imposed as the investigations are ongoing.
Texas Attorney General Ken Paxton announced investigations into 15 companies, including Character.AI, Reddit, Instagram, and Discord, for potential violations of the SCOPE Act and TDPSA concerning children's privacy. The investigations target practices such as unauthorized sharing of minors' personal data and failure to provide parental controls. This action is part of Texas's broader initiative to enforce data privacy laws.
Connecticut Attorney General William Tong announced a $65,000 settlement with Hilario Truck Center and Hilario’s Service Center for illegally collecting junk fees such as PPE fees, administrative fees, and fuel surcharges during police-ordered tows. The settlement requires the companies to pay $10,000 to the state and provide refunds to eligible consumers who paid these unauthorized fees between 2019 and 2024.
$65K
Connecticut Attorney General William Tong announced a $20,000 settlement with EnergyBillCruncher.com for misleading solar marketing tactics, including false claims about government coverage, misuse of the state seal, and false urgency in social media ads. The company must cease these practices and notify its solar installer partners.
$20K
The FTC staff report examined data practices of nine major social media and video streaming companies and found they engaged in vast surveillance of users with lax privacy controls and inadequate safeguards for children and teens. The report recommends limiting data collection, restricting targeted advertising, and strengthening protections for young users, and calls for comprehensive federal privacy legislation.
Texas Attorney General Ken Paxton settled with Pieces Technologies for making deceptive claims about the accuracy of its healthcare AI products used in Texas hospitals. The company advertised an error rate of '<1 per 100,000' which was found inaccurate. The settlement requires Pieces to accurately disclose product accuracy and ensure hospital staff understand the limitations.
Florida Attorney General Ashley Moody, joined by 20 other state attorneys general, sent a letter to online retailer Temu and its parent company PDD Holdings demanding answers about data collection, sharing, and retention practices, including potential unauthorized sharing of U.S. consumer data with the Chinese Communist Party. The coalition also raised concerns about possible violations of the Uyghur Forced Labor Prevention Act and inadequate cybersecurity measures. Temu has 30 days to respond to 11 detailed requests for information and documentation.
Texas Attorney General Ken Paxton filed a lawsuit against General Motors for unlawfully collecting private driving data from over 1.5 million Texas drivers without consent and selling the data to third parties including insurance companies. GM allegedly deceived customers into enrolling in products like OnStar Smart Driver by falsely claiming enrollment was required to retain vehicle safety features, while concealing that enrollment authorized systematic collection and sale of detailed driving data. The action follows an investigation launched in June 2024 as part of the Texas AG’s data privacy initiative, and seeks to hold GM accountable for violating state privacy laws.
The FTC and DOJ sued TikTok and ByteDance for violating COPPA by collecting personal information from children under 13 without parental consent. The complaint alleges that TikTok knowingly allowed millions of children on its platform and failed to comply with a 2019 consent order. The lawsuit seeks civil penalties and a permanent injunction.
Connecticut Attorney General William Tong announced an investigation into EnergyBillCruncher for making false claims that the government would cover solar installation costs, misusing the state seal, and creating false urgency. The investigation seeks information on the company's ownership, consumer interactions, and partnerships. This is part of broader actions against deceptive solar sales tactics.
Texas Attorney General Ken Paxton opened an investigation into multiple car manufacturers for collecting and selling driver data to third parties, including insurance companies, without consumers' knowledge or consent. The investigation, conducted under the Texas Deceptive Trade Practices – Consumer Protection Act, seeks documents about data collection practices and disclosures made to customers. The AG's office is concerned about invasive data collection and potential deceptive practices.
Texas Attorney General Ken Paxton initiated an investigation into multiple car manufacturers for allegedly collecting drivers' data without consent and selling it to third parties, including insurance providers. The investigation, authorized under the Texas Deceptive Trade Practices – Consumer Protection Act, requires manufacturers and data purchasers to produce documents related to their data practices and customer disclosures. The AG highlighted concerns about invasive, non-consensual data collection and sale occurring without consumer knowledge.
The FTC finalized a consent order against Blackbaud Inc. for alleged security failures that led to a data breach exposing personal data of millions of consumers. Blackbaud must delete unnecessary data, implement a security program, and not misrepresent its policies. No monetary penalty was imposed.
The FTC settled with InMarket Media for unlawfully collecting and using consumers' precise location data without adequate notice and consent. The order prohibits InMarket from selling or sharing precise location data, requires deletion of collected data, and mandates consumer consent mechanisms and privacy programs.
The Connecticut Office of the Attorney General released a mandated report on the Connecticut Data Privacy Act (CTDPA), detailing over a dozen notices of violation issued to companies across various industries for deficiencies in privacy disclosures and consumer rights mechanisms. The report highlights common compliance failures and reaffirms the AG's commitment to enforcement and education under the state's consumer privacy law.
The FTC settled with data brokers X-Mode Social and Outlogic for selling precise location data without informed consent and failing to protect sensitive information. The proposed order bans the sale of sensitive location data, requires deletion of collected data, and mandates a comprehensive privacy program. This is the FTC's first action against a data broker for sensitive location data practices.
The FTC finalized an order against 1Health.io for failing to secure genetic data and unfairly changing its privacy policy. The company must pay $75,000 for consumer refunds, destroy DNA samples, and implement security measures. It deceived consumers about data deletion and shared data without proper consent.
$75K
The FTC settled with genetic testing company 1Health.io for failing to secure sensitive genetic and health data, deceiving consumers about data deletion, and unfairly changing its privacy policy without notice or consent. The settlement includes refunds totaling over $49,500 to 2,432 affected consumers.
$50K
The FTC proposed modifications to its 2020 privacy order with Meta, alleging violations including non-compliance with the order, misleading parents about Messenger Kids, and unauthorized data sharing. The proposed changes include banning monetization of youth data, pausing new product launches, and strengthening privacy requirements.
Connecticut Attorney General William Tong and Secretary of State Stephanie Thomas warned businesses about a scam by C F Division Services, LLC, which sends solicitations mimicking government notices for free UCC reports while charging $90. The company's disclaimer is not clear and conspicuous, and the AG has demanded information via letter while investigating the deceptive practices.
Attorney General William Tong joined a coalition of 18 attorneys general to urge the FTC to strengthen the Motor Vehicle Dealers Trade Regulation Rule. The coalition supports proposed updates that prohibit misrepresentations, require accurate pricing disclosures, and obtain informed consent for add-ons, while suggesting enhancements like written disclosures and record retention to prevent consumer harm in car sales.
The FTC and CFPB filed an amicus brief with the Third Circuit Court of Appeals to overturn a lower court ruling that exempted furnishers from investigating indirect disputes under the FCRA. The brief argues that all disputes must be investigated to ensure consumers can correct inaccurate credit information and be notified of outcomes, upholding key FCRA protections.
Connecticut Attorney General William Tong sued Reynolds Consumer Products for violating the Connecticut Unfair Trade Practices Act by falsely marketing Hefty 'Recycling Bags' as recyclable and suitable for recycling programs, despite knowing they are incompatible with Connecticut's recycling facilities and cause contamination. The lawsuit seeks damages, injunctive relief, and other remedies to stop the deceptive practice.
Connecticut Attorney General William Tong joined a coalition of 19 attorneys general to submit comments to the CFPB, urging robust consumer protections for buy-now-pay-later (BNPL) lenders. The coalition expressed concerns that BNPL loans may trap consumers in debt through hidden fees, inadequate disclosures, and improper data monetization practices.
Connecticut Attorney General William Tong announced settlements with four hearing aid companies for marketing their products as 'FDA-approved' when no such approval exists. The companies will collectively pay $40,000 and cease such marketing practices. The investigation underscores that over-the-counter hearing aids are not FDA-approved and consumers should be wary of such claims.
$40K
The FTC finalized an order banning Support King, LLC and its CEO from the surveillance business for selling stalkerware apps that secretly collected and shared users' personal data without consent. The order requires them to delete all illegally collected data and notify affected device owners.
All data sourced from official government enforcement pages.