Data Privacy News for March

Another month, another batch of privacy news.

This month, we interviewed Professor Daniel Solove on Privacy Lawls about how new technologies are causing invasions of privacy, as well as his upcoming book, On Privacy and Technology. You can listen to the episode here. We hope that you find this newsletter helpful for staying up to date with the myriad changes in the privacy field!

What’s new in privacy? 

Below are some of the most notable news in privacy from this month: 

1. Connecticut proposes amendments to privacy law. Connecticut’s proposed bill, CT S1356 that would include the following amendments to Connecticut’s privacy law: remove the nonprofit exemption, provide the right to obtain a list of third parties to whom personal data was disclosed, require opt in consent for the sale of personal data, and prohibit social media platforms from requiring individuals to create an account for exercising the privacy rights of children. Read more here. 
2. UK requests Apple to create a backdoor to encrypted data. Britain has ordered Apple to create a back door to encrypted data, which would allow the British government access to view encrypted materials uploaded to the cloud. This would include data such as messages, photos and notes. Learn more here. 
3. Italy bans DeepSeek AI over privacy and ethical concerns. Italy’s Data Protection Authority has blocked Chinese AI firm DeepSeek’s service within the country. The ban was caused by DeepSeek’s failure to provide sufficient information to the DPA on what personal data is being collected, from which sources, for what purposes, on what legal basis, and whether this personal data was stored in China. Read more here. 
4. Amazon sued for alleged violations of Washington’s health privacy law. A recent lawsuit filed against Amazon claims that the company violated Washington’s My Health My Data Act by harvesting consumer data without consent and then using that data for targeted advertising. Learn more here. 
5. Russia-backed hacking groups targeted encrypted messaging services. Google Threat Intelligence Group has disclosed that Russia-backed hacking groups have developed techniques to compromise encrypted messaging services, including Signal, WhatsApp and Telegram. Read more here. 
6. Class action lawsuit alleging privacy issues filed against Verizon. A class action lawsuit has been filed against Verizon alleging that the company was collecting user data and sharing it and selling it to third parties without consent. The lawsuit alleges that Verizon disclosed browsing history, location data, and app usage and that it sold this information without consent to third-party advertisers, data brokers, and others. Read more here. 
7. France enforces age verification process. In 2024, France’s Audiovisual and Digital Communication Regulatory Authority published the final version of its standard for age verification systems to access pornographic sites. This process includes “double anonymity” solutions, which requires sites or services that broadcast such content to comply with strict technical requirements to verify age. Learn more here. 
8. Hackers found a way to remotely unlock, start and track millions of Subarus. Researchers hacked a test car through a web portal for employees, which allowed them to remotely start the card, track the location of the vehicle in real time, and see a year’s worth of location data. Read more here. 
9. New York State amends law on data breach notifications. The Governor of New York signed SB804 into law, which amends the general business law to require residents to be notified of a data breach and the requiring the responsible person to notify several New York government entities about the timing, content, distribution of notices, and the approximate number of affected individuals. Learn more here. 
10. Session-replay class action lawsuit dismissed. The case filed in the Eight Circuit alleged that two websites tracked an individual and permitted third parties to record her interactions with such websites using session-replay technologies. The case was dismissed as the Court found that sensitive information was not recorded and that the Plaintiff consented to the provision of this information. Read more here. 

What privacy bills are we tracking? 

As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.

• Arkansas – AR SB258;
• Georgia – GA SB111;
• Hawaii – HI SB1037;
• Illinois – IL HB3385;
• Illinois – IL SB3517;
• Illinois – IL SB52;
• Illinois – IL HB3041;
• New York – NY S2277;
• New York – NY SB365;
• New York – NY SB3162;
• New York – NY AB4374;
• Oklahoma – OK H1012;
• Pennsylvania – PA HB78;
• Vermont – HB208;
• Vermont – SB93;
• West Virginia HB2953

Events

Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: 

1. Safeguarding the Future: AI, Privacy and Children’s Data Governance – March 4, 2025; 
2. Breaking Barriers: Women Leading Privacy – March 20, 2025.

See you next month!

That’s it for this month! If you made it this far, be sure to subscribe to the Privacy Lawls podcast. We have some great episodes in store for this month as well as next month.