Data Privacy News & Updates for August

Welcome, Privacy Peeps!

We probably won’t use that introduction again, don’t worry. It has been a big month in privacy, though.

This month, on Privacy Lawls, we interviewed Angeli Patel, the Executive Director at Berkeley Center for Law and Business on the privacy risks of uploading your photos into an AI system. You can listen to the episode here.

What’s new in privacy? 

Below are some of the most notable news in privacy from this month: 

1. Privacy class action lawsuit against GoodRx allowed to proceed. A federal Court in California allowed most of a privacy class action lawsuit against GoodRx to proceed. The lawsuit claims that the company collects and shares private health information of customers without their consent. Read more here. 
2. Trial begins in data privacy lawsuit against period tracking app Flo. The lawsuit originally alleged that the app shared users’ highly sensitive information to third parties, including Meta, Google, AppsFlyer and an analytics company. While the claims against Google were settled and AppsFlyer were dismissed, the jury trial will determine the fate of the claims against Flo and Meta, which the class accuses of using their personal data for advertising and other purposes. Learn more here.  
3. Brave Browser blocks Microsoft Recall. Brave has disabled Microsoft Recall feature for users by default, stating that the Recall system introduces serious privacy risks by automatically capturing screenshots of user activity and storing them in a local database. Read more here. 
4. Texas-based drug and alcohol testing firm suffers data breach. The Alcohol and Drug Testing Service, a Texas-based drug and alcohol testing firm for private employers and state and federal agencies is under investigation for a data breach. In July, 2024, the company detected a compromise of data and some of this data was downloaded by an unauthorized actor. The data breach contained nearly 750,000 records and the company did not begin notifying the affected individuals until July 2025. Read more here. 
5. TicketNetwork settles privacy violations claim for $85,000. The Attorney General of Connecticut has announced a settlement with TicketNetwork which resulted from an investigation into the company’s violations of the Connecticut Data Privacy Act. The violations stemmed from the company’s Privacy Policy not meeting the requirements of the law, namely not providing a list of key data privacy rights, nor with a proper way for individuals to exercise those rights. Learn more here. 
6. Lawmakers amend the Connecticut Data Privacy Act. The Governor of Connecticut has signed SB1295, which amends the Connecticut Data Privacy Act. Notable changes include a change in the definition of “decisions that produce legal or similarly significant effects concerning the consumers”, the inclusion of neural data as protected personal information, expanded definitions of sensitive data, changing applicability thresholds and changes to Privacy Policy disclosure requirements. Learn more here. 
7. CJEU decision interprets employee privacy claim. A class action lawsuit against a German employer was filed when employee data was sent through the Workday cloud HR platform. The Court of Justice of the European Union found that collective agreements cannot bypass GDPR standards. A German Court found that transferring employee data categories beyond those listed in the agreement, without an independent legal basis, violates GDPR. Read more here.
8. Luggage service’s bug exposes travel plans. A web bug in Airportr, a door-to-door luggage service used by multiple airlines allows hackers to see user data and even gain privileges that would allow them to redirect or steal luggage. Learn more here.  
9. MetaAI searches made public. Users of MetaAI were shocked to learn that some of their prompts into the AI tool were posted on a public feed. While a message does pop up stating that posts are public and visible to everyone, it is not clear if the users understood that their searches were published in a public “Discover” feed on the Meta AI app and website. The searches could be traced to the social accounts of an individual through usernames and profile pictures. Read more here. 
10. Senators press Delta Air Lines to answer questions about the use of AI to set ticket prices. Delta plans to use AI-based technology to set prices on flight tickets across 20% of its domestic network, sparking concerns about privacy and fairness. Learn more here. 

What privacy bills are we tracking? 

As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.

• Georgia – GA SB111;
• Hawaii – HI SB1037;
• Illinois – IL HB3385;
• Illinois – IL SB3517;
• Illinois – IL SB52;
• Illinois – IL HB3041;
• Maine – ME HB710/HB1088;
• Maine – ME HB1220;
• Massachusetts – MA SB33;
• Massachusetts – MA HB104;
• New York – NY S2277;
• New York – NY SB365;
• New York – NY SB3162;
• New York – NY AB4374;
• North Carolina – NC – HB462;
• North Carolina – NC – SB757;
• Oklahoma – OK H1012;
• Pennsylvania – PA HB78;
• Pennsylvania – PA SB112;
• Vermont – HB208;
• Vermont – SB93; and
• West Virginia HB2953

Events

Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: 

1. State privacy enforcement: updates, priorities and recommendations – August 19; 
2. Agentic AI Risk Mitigation: Decentralized Digital Identity, Digital Wallets, and Authorization Delegation – August 28; 
3. Mastering AI Governance: what you need to know about the AIGP Certification – September 9.

Conclusion

Don’t forget to subscribe to Privacy Lawls if you haven’t already. It’s becoming one of the top privacy-focused podcasts in the U.S. right now! We will see you here next month!