Welcome! It’s July already and that means a bunch of new privacy and security updates.
This month, on Privacy Lawls, we interviewed the Founder of PRIVO about COPPA and protecting the privacy of children online. You can listen to the episode here. We hope that you find this newsletter helpful for staying up to date with the myriad changes in the privacy field!
Table of Contents
What’s new in privacy?
Below are some of the most notable news in privacy from this month:
- Office of the Privacy Commissioner of Canada releases 2024-2025 study on public opinions on privacy issues. The study found that 78% of Canadians have refused to provide an organization or business with their personal information due to privacy concerns, 87% of Canadians are worried about their privacy on social media, and 89% of Canadians are at least somewhat concerned about the protection of their privacy. Read more here.
- Todd Snyder, Inc. hit with CPRA enforcement action. Todd Snyder, Inc. was fined over $300,000 for violating the CPRA due to allegedly (a) having a misconfigured privacy portal and cookie consent banner and (b) over-collecting personal information. Read more here.
- LexisNexis data breach impacts over 300,000 customers. LexisNexis reported that over 300,000 customers have been impacted by a data leak involving a third party. The breach occurred in December 2024 but LexisNexis was not made aware of it until April 2025. The leak is alleged to have come from a third party-software development platform. Learn more here.
- United Surgical Partners International facing biometric class action lawsuit. United Surgical Partners International employees filed a lawsuit against the firm for the misuse of biometrics. The organization is accused of collecting fingerprint scans, which violates the Illinois Biometric Information Privacy Act, and is now facing a class action lawsuit. Learn more here.
- TikTok fined $600 million for data transfers to China. EU watchdog fined TikTok 530 million Euros ($600 million) for its data transfers to China. These actions exposed users to the risk of surveillance by malicious entities and violated EU data privacy laws. Additionally, TikTok has been accused of lacking transparency with users regarding the destination of their data. Read more here.
- Google agrees to pay over $1 billion to Texas for data privacy violations. Texas Attorney General Ken Paxton announced that Google has agreed to pay over $1 billion to Texas for violating residents’ data privacy rights. Google is accused of collecting biometric data from residents in 2022 without their consent. Learn more here.
- Germany urges Apple and Google to block DeepSeek over privacy rules. Germany’s Data Protection Authority has formally requested Apple and Google to review and potentially remove DeepSeek from their app stores. The DPA Commissioner alleges that DeepSeek has been unable to demonstrate adequate protection of German user data when transferred to China. Read more here.
- EFF urges states to investigate data brokers. An analysis done by the Electronic Frontier Foundation and the Privacy Rights Clearinghouse have found that many data brokers have failed to register in all of the four states with laws that require such registration. The organizations wrote letters to States’ Attorney Generals with such laws seeking an investigation as to why data brokers have not registered across all states that require such registration. Learn more here.
- Aflac suffers cyber attack. American Family Life Assurance Company (Aflac) suffered a cyber attack that potentially compromised sensitive personal information, including health data. The details leaked during the attack include insurance claim information, protected health information and personal details, including Social Security Numbers. Read more here.
- CNIL issues guidance regarding web scraping for AI developers. The French Data Protection Authority, CNIL, has issued guidance on the collection of data via web scraping and using such data for developing AI systems. The guidance lists the conditions under which the legal basis of legitimate interest may be used for the development of an AI system, while other guidance details the measures to be taken for proper collection of data via web scraping. Learn more here.
What privacy bills are we tracking?
As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.
Georgia – GA SB111;
Vermont – SB93; and
Events
Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals:
- Data Protection Impact Assessment Walk-Through – July 7, 2025;
- Tracking technologies in healthcare – July 17, 2025;
- Agentic AI Risk Mitigation: ID System Legal Frameworks and Liability Allocation – July 24, 2025.
Conclusion
Thank you for reading! Hopefully, you feel all caught up on data privacy news for this month.
Want to do your part in respecting people’s privacy online? Check out our Privacy Policy Generator. Not only is it the most comprehensive generator on the market, but it will auto-update your policies as the privacy-law landscape changes.
