1,338 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,338
Total Actions
14
Jurisdictions
$50.6B+
Total Fines Tracked
The Connecticut Office of the Attorney General released a mandated report on the Connecticut Data Privacy Act (CTDPA), detailing over a dozen notices of violation issued to companies across various industries for deficiencies in privacy disclosures and consumer rights mechanisms. The report highlights common compliance failures and reaffirms the AG's commitment to enforcement and education under the state's consumer privacy law.
The FTC settled with data brokers X-Mode Social and Outlogic for selling precise location data without informed consent and failing to protect sensitive information. The proposed order bans the sale of sensitive location data, requires deletion of collected data, and mandates a comprehensive privacy program. This is the FTC's first action against a data broker for sensitive location data practices.
California Attorney General Rob Bonta announced a $93 million settlement with Google resolving allegations that the company violated state consumer protection laws through deceptive location-privacy practices. Google was accused of falsely telling users that turning off the “Location History” setting would stop location data collection, while continuing to collect and use location data for user profiling and targeted advertising without informed consent. In addition to the monetary penalty, Google must implement several injunctive measures to increase transparency and user control over location tracking.
$93.0M
The FTC finalized an order against 1Health.io for failing to secure genetic data and unfairly changing its privacy policy. The company must pay $75,000 for consumer refunds, destroy DNA samples, and implement security measures. It deceived consumers about data deletion and shared data without proper consent.
$75K
The FTC settled charges against Experian Consumer Services for violating the CAN-SPAM Act by sending marketing emails to consumers who signed up for credit management accounts without providing an opt-out mechanism. The emails promoted products like Experian Boost and Dark Web scans but lacked unsubscribe links. Experian must pay $650,000 and is prohibited from future violations.
$650K
The FTC settled with genetic testing company 1Health.io for failing to secure sensitive genetic and health data, deceiving consumers about data deletion, and unfairly changing its privacy policy without notice or consent. The settlement includes refunds totaling over $49,500 to 2,432 affected consumers.
$50K
New Jersey Attorney General Matthew Platkin joined a multistate lawsuit against Avid Telecom for allegedly initiating and facilitating billions of illegal robocalls, including to numbers on the National Do Not Call Registry, in violation of the Telephone Consumer Protection Act and Telemarketing Sales Rule. The company is accused of transmitting scam calls and ignoring warnings from the Industry Traceback Group.
Connecticut Attorney General William Tong filed a lawsuit against Michael D. Lansky, LLC (Avid Telecom) for allegedly initiating billions of illegal robocalls, including to numbers on the National Do Not Call Registry. The company is accused of violating the Telephone Consumer Protection Act and Telemarketing Sales Rule. This action is part of a multistate task force with nearly every state attorney general.
Attorney General William Tong and bipartisan legislators announced a bill to modernize Connecticut's anti-robocall laws, which haven't been updated since 2015. The bill would expand coverage to text messages, ban gateway VoIP providers, enforce calls to Connecticut area codes, set calling hour restrictions, strengthen telemarketer disclosures, and clarify Do Not Call List protections.
Google settled with 40 state attorneys general over allegations that it misled consumers about location tracking practices. Google will pay $391.5 million and must enhance transparency and user controls for location data collection.
$391.5M
Connecticut and 39 other states secured a $391.5 million settlement with Google for misleading consumers about location tracking and continuing to collect data after users opted out. The settlement mandates Google to enhance transparency and user controls for location settings, including clear disclosures and user-friendly account controls.
$391.5M
California Attorney General Rob Bonta announced a settlement with Sephora, Inc. resolving allegations that the company violated the California Consumer Privacy Act (CCPA) by failing to disclose it was selling consumers' personal information and failing to process opt-out requests via user-enabled Global Privacy Controls. Sephora agreed to pay $1.2 million in penalties and implement injunctive measures including updating privacy disclosures, enabling opt-out via GPC, conforming service provider agreements to CCPA, and reporting to the AG. The settlement is part of ongoing CCPA enforcement efforts, with the AG also issuing cure notices to other businesses failing to honor GPC opt-out signals.
$1.2M
Connecticut Attorney General filed a $5 million stipulation judgment against Safe Home Security for repeated non-compliance with court-ordered consumer protection measures, including blocking contract terminations and misrepresenting terms. The judgment requires immediate payment of $1 million and suspends $4 million pending compliance, with an independent monitor for five years.
$5.0M
The FTC released a staff report based on Section 6(b) orders to six major ISPs, finding they collect extensive personal data, including internet traffic and location data, and share it with third parties. The ISPs often obscure data use disclosures in fine print and make it difficult for consumers to opt out, while combining data to profile sensitive characteristics. The report highlights the need for stricter privacy restrictions.
New Jersey joined 31 other states and the FTC in a $3.5 million settlement with Lenovo for pre-installing VisualDiscovery ad software on laptops that created a 'man-in-the-middle' security vulnerability, intercepting users' encrypted data without adequate disclosure or opt-out mechanisms. The settlement requires Lenovo to improve transparency, obtain affirmative consent, provide effective opt-out tools, and implement a long-term security compliance program with independent audits.
$3.5M
Lenovo preinstalled 'Visual Discovery' software on its computers that intercepted browsing data and broke encrypted connections without user consent, compromising security and privacy. The multi-state settlement imposes a $3.5 million penalty and requires Lenovo to implement disclosure, consent, opt-out, and security compliance measures.
$3.5M
PulsePoint circumvented Safari browser privacy settings to place unauthorized cookies, enabling targeted advertising without user consent. The New Jersey Division of Consumer Affairs secured a $1 million settlement, including a $566,200 civil penalty, and mandated privacy reforms such as third-party assessments and website disclosures.
$566K
All data sourced from official government enforcement pages.