AGs from 46 states reached a $1.26 million settlement with Carnival Corporation and three of its subsidiaries (collectively “Carnival”) to resolve allegations that Carnival violated state consumer protection and personal information protection laws when deficiencies in its information security program contributed to a 2019 data breach that compromised the personal information of approximately 180,000 Carnival employees and customers.

Read More

The FTC and DOJ reached a settlement with Twitter, Inc. to resolve allegations that the company used user personal data to help sell targeted advertisements in violation of the FTC Act and a 2011 FTC Order, which prohibited the company from misrepresenting the extent to which it protects user data.

Read More

The CFPB released Consumer Financial Protection Circular 2022-03 and an accompanying press release detailing the agency’s position on the application of anti-discrimination laws to consumer lenders relying on so-called “black box” credit models that use complex algorithms or artificial intelligence to evaluate creditworthiness. Specifically, the Circular addressed the application of the Equal Credit Opportunity Act…

Read More

Meghan Stoppel, who spent over a decade serving as an Assistant Attorney General, and later as Consumer Protection Chief, to both Democratic and Republican state attorneys generals, talks to Andy Baer, Chair of Cozen O’Connor’s Technology, Privacy and Data Security practice, about how state AGs are weighing in on both policy and enforcement with respect to privacy

Read More

Utah has become the fourth state in the nation to pass broad consumer data privacy legislation, following California, Virginia, and Colorado. The Utah Consumer Privacy Act will become effective December 31, 2023, and apply to businesses that (1) conduct business in Utah or otherwise target Utah consumers; (2) have $25 million or more in annual…

Read More