1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
The FTC settled charges with data broker Kochava, Inc. and its subsidiary Collective Data Solutions (CDS) over allegations that they sold precise location data from hundreds of millions of mobile devices without consumer consent, enabling tracking of visits to sensitive locations like reproductive health clinics and places of worship. The settlement prohibits the companies from selling or sharing sensitive location data without affirmative express consumer consent, and imposes compliance requirements including a sensitive location data program, supplier consent assessments, incident reporting, and data retention schedules. No monetary penalty was imposed.
The Federal Trade Commission (FTC) sent warning letters to 13 data brokers reminding them of their obligations under the Protecting Americans’ Data from Foreign Adversaries Act (PADFAA). PADFAA prohibits data brokers from selling or providing sensitive personal data about Americans to foreign adversaries such as China, Russia, Iran, and North Korea. The letters warn that violations could result in civil penalties of up to $53,088 per violation and urge companies to review their business practices for compliance.
Datamasters, a data broker, failed to register with the California Data Broker Registry as required by the Delete Act. The company sold sensitive personal information including health conditions, age, race, and political views. As a result, it must pay a $45,000 fine and cease all sales of Californians' personal information.
$45K
CalPrivacy issued Enforcement Advisory No. 2025-01 to remind data brokers of their annual registration obligations under California's Delete Act, including disclosing all trade names and websites and registering independently rather than through a parent company. The advisory warns that failures to comply may result in administrative fines of $200 per day, plus fees and recovery costs. It also highlights the upcoming Delete Request and Opt-Out Platform (DROP) launching January 1, 2026.
The California Privacy Protection Agency fined ROR Partners LLC $56,600 for failing to register as a data broker under the Delete Act. The Nevada-based marketing firm must pay the fine and past-due fees. This action is part of CalPrivacy's enforcement against unregistered data brokers.
$57K
The California Privacy Protection Agency fined ROR Partners LLC $56,600 for failing to register as a data broker under the Delete Act. The marketing firm sold custom audience lists built from consumer data without registration, highlighting that businesses collecting and selling personal information must comply with data broker requirements.
$57K
The California Privacy Protection Agency (CalPrivacy) announced the creation of a Data Broker Enforcement Strike Force to investigate privacy violations by data brokers under the CCPA and Delete Act. The strike force will focus on compliance with registration requirements and other obligations, building on previous enforcement actions to increase accountability.
The California Privacy Protection Agency (CalPrivacy) announced the creation of a Data Broker Enforcement Strike Force to investigate privacy violations by data brokers. The strike force will focus on compliance with the Delete Act's registration requirement and the CCPA, building on previous enforcement actions. This initiative aims to hold data brokers accountable and protect Californians' personal information.
The California Privacy Protection Agency (CPPA) ordered Accurate Append, Inc. to pay a $55,400 fine for failing to register as a data broker under the Delete Act by the January 31, 2024 deadline. The company registered only after being contacted during an enforcement sweep and agreed to injunctive terms, including paying attorney fees for future non-compliance.
$55K
The California Privacy Protection Agency ordered Jerico Pictures, Inc., doing business as National Public Data, to pay a $46,000 fine for failing to register and pay the annual fee required under the Delete Act. The order was issued by default after the company did not contest the allegations, highlighting CPPA's enforcement of data broker registration requirements.
$46K
The California Privacy Protection Agency (CPPA) ordered Jerico Pictures, Inc., doing business as National Public Data, to pay a $46,000 fine for failing to register and pay the annual fee required under California's Delete Act. The order was issued by default after the company did not contest the allegations. This enforcement action highlights the CPPA's efforts to ensure data broker compliance with registration laws.
$46K
The California Privacy Protection Agency settled with data broker Background Alert, Inc. for failing to register and pay fees under the Delete Act. The company must shut down its operations through 2028 or face a $50,000 fine. This action is part of a broader enforcement sweep against non-compliant data brokers.
The California Privacy Protection Agency (CPPA) filed an administrative action against National Public Data, a Florida-based data broker, for failing to register and pay the required annual fee under California's Delete Act. The agency is seeking a $46,000 fine for the violation, which occurred 230 days late, as part of an enforcement sweep targeting non-compliant data brokers.
$46K
The California Privacy Protection Agency (CPPA) filed an administrative action against Jerico Pictures, Inc., doing business as National Public Data, for failing to register and pay the required annual fee under the California Delete Act. The action seeks a $46,000 fine for the company's 230-day late registration, as part of CPPA's enforcement sweep against data brokers.
$46K
Texas Attorney General Ken Paxton filed a lawsuit against Allstate and its subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million consumers without consent. The data, which includes precise geolocation information, was used to justify insurance premium increases. This action alleges violations of the Texas Data Privacy and Security Act (TDPSA).
The California Privacy Protection Agency (CPPA) settled with two data brokers, PayDae, Inc. (Infillion) and The Data Group, LLC, for failing to register as required by Senate Bill 362 (the Delete Act). Infillion paid $54,200 and The Data Group paid $46,600, and both agreed to injunctive terms to ensure future compliance with registration requirements.
The California Privacy Protection Agency (CPPA) settled with data brokers Growbots, Inc. and UpLead LLC for failing to register and pay annual fees under the California Delete Act. Growbots paid $35,400 and UpLead paid $34,400, and both agreed to injunctive terms including payment of attorney fees for non-compliance. This action enforces the Delete Act's requirements for data broker transparency and consumer privacy.
$70K
The California Privacy Protection Agency (CPPA) announced an investigative sweep to enforce data broker registration compliance under the Delete Act. Data brokers must register annually and pay fees, with penalties of $200 per day for non-compliance. The CPPA will take enforcement actions against unregistered data brokers and is developing a consumer deletion platform (DROP) for 2026.
Texas Attorney General Ken Paxton issued warning letters to over 100 companies informing them of their apparent failure to register as data brokers with the Texas Secretary of State by the March 1, 2024 deadline required by Chapter 509 of the Texas Business and Commerce Code. The notification follows the establishment of a specialized privacy enforcement team within the AG’s Consumer Protection Division to enforce Texas privacy laws. The letters alert companies to potential penalties for noncompliance with registration and data safeguard requirements under Texas’s Data Broker Law.
Texas Attorney General Ken Paxton sent notification letters to over 100 companies for failing to register as data brokers under Texas Business and Commerce Code Chapter 509, which requires registration by March 1, 2024, and implementation of data safeguards. This action is part of an initiative to enforce privacy laws and protect consumer data.
Texas Attorney General Ken Paxton issued warning letters to over 100 data brokers for failing to register with the Texas Secretary of State as required by the Texas Data Broker Law. The law, which took effect March 1, 2024, mandates that data brokers register and implement data protection safeguards. This enforcement action is part of a new initiative to protect Texans' privacy.
The FTC finalized an order against data broker X-Mode and its successor Outlogic for selling precise location data that could track visits to sensitive locations like medical clinics and places of worship. The order bans them from sharing or selling sensitive location data and requires them to delete collected data, implement privacy programs, and ensure downstream compliance.
The California Privacy Protection Agency settled with data broker Key Marketing Advantage, LLC for failing to register and pay fees under the Delete Act. KMA will pay $55,800 and agree to injunctive terms. This is the fifth enforcement action in a sweep against unregistered data brokers.
$56K
The California Privacy Protection Agency (CPPA) settled with data broker Key Marketing Advantage, LLC for failing to register and pay fees under the Delete Act. KMA will pay $55,800 and comply with injunctive terms, including covering attorney fees for non-compliance. This is the fifth enforcement action in CPPA's sweep against unregistered data brokers.
$56K
All data sourced from official government enforcement pages.