Data privacy news for April

It’s not every month that a privacy bill gets passed into law, but that’s one of the many news stories from this past month. But, before we get to the headlines, let’s talk Privacy Lawls.

This month, we interviewed Jamal Ahmed on Privacy Lawls. You can listen to the episode, where we discuss how privacy pros can accelerate their careers and great tips for building your career in privacy here.

What’s new in privacy?

Below are some of the most notable news in privacy from this month: 

1. Oklahoma passes comprehensive privacy law. On March 23, the legislature of Oklahoma passed Oklahoma SB546, a comprehensive privacy law that will go into effect on January 1, 2027. This new privacy law will provide residents of Oklahoma with privacy rights and will impose compliance obligations on certain businesses, such as the requirement to have a comprehensive Privacy Policy. Read our Compliance Guide here. 
2. Samsung reaches a settlement with Texas over collecting viewing habits through smart TVs. According to the settlement, Samsung used software to capture screenshots of a user’s television display every 500 milliseconds, monitoring viewing activity in real time, and transmitting that information back to the company without the user’s knowledge and consent. The company then sold that consumer information to target ads across platforms for profit. Read more here. 
3. Connecticut Attorney General releases Enforcement Report. The report highlights the most common categories of consumer complaints, including unfulfilled consumer data rights requests, data breaches, and people search websites. The Report also highlights recent enforcement trends such as Privacy Policies, dark patterns and cookie banner sweeps, opt-out preference signals, and more. Learn more here. 
4. Global CBPR 2.0 requirements finalized. The revisions include enhanced protections for sensitive data, children’s data, strengthened risk identification and mitigation procedures, breach notification readiness, expanded consumer choice mechanisms, and clearer governance expectations. Learn more here. 
5. Tinder rolls out a new feature that allows for the scanning of a camera roll. The feature, powered by AI, would scan the user’s entire camera roll to detect key themes that could help daters find matches. While the feature is opt in, privacy advocates are stating that this feature can create a slew of privacy issues, including storage of the photos and Tinder sharing the photos with an unnamed third party. Learn more here. 
6. Security flaw at the UK Business Registry exposes the data of businesses. The security flaw was discovered on March 12 by a corporate services provider and would allow logged-in users to view company information of other companies, including dates of birth and residential addresses of business owners. Read more here.
7. White House releases National AI Policy Framework. The framework calls for state AI law preemption and focuses on workforce and education, enabling innovation, preventing censorship, protecting children, and more. Read more here.  
8. CJEU rules against serial DSAR litigants. The Court of Justice of the European Union ruled against a serial litigant who subscribed to an email newsletter and then submitted a GDPR Article 15 access request 13 days later. Learn more here. 
9. Ford must pay $375,703 fine for violation of California’s privacy rules. The violations stems from ford requiring consumers to verify their email address as part of the workflow to opt out of the selling or sharing of their personal information. Read more here. 
10. California ramps up enforcement of consumer privacy opt-out rights. The cases include a Judgment against Disney and ABC Enterprises and PlayOn Sports. Learn more here. 

What privacy bills are we tracking?

There has been several new privacy bills being proposed across the U.S. for 2026. Here are the ones we’re currently keeping eyes on:

• Alabama – AL HB351;
• Alaska – AK HB367;
• Arizona – AZ SB1815;
• Illinois – IL SB52;
• Illinois – IL HB3041;
• Illinois – IL SB2875;
• Illinois – IL SB3220;
• Illinois – IL HB5221;
• Illinois – IL SB3548;
• Illinois – IL SB3890;
• Maine – ME HB1220;
• Massachusetts – MA SB33;
• Massachusetts – MA SB301;
• Massachusetts – MA SB2619;
• Massachusetts – MA HB4746;
• Michigan – MI SB359;
• Minnesota – MN SB4666;
• New York – NY S4276;
• New York – NY AB5827;
• New York – NY AB974;
• New York – NY AB4947;
• New York – NY SB8524;
• North Carolina – NC – HB462;
• North Carolina – NC – SB757;
• Pennsylvania – PA HB78;
• Pennsylvania – PA SB112;
• Vermont – VT H812;
• Washington – WA HB1671;
• West Virginia – WV HB5123

Data privacy events for April

Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: 

1. Balancing openness and innovation: insights for the American AI Action Plan – April 2; 
2. EU Digital Laws: green wall or alphabet soup? – April 9; 
3. Privacy and requests for personal information – April 22.

That’s a wrap!

Those are all the notable headlines in privacy to kick off your month of April! Reminder, Privacy Lawls has recently surpassed 4,000 downloads. If you need to catch up on any of the 31 episodes, you can see the full playlist here.