Data Privacy News & Updates for September

This month, we had the pleasure of interviewing Dr. Ilia Kolochenko on Privacy Lawls. We discussed how lawyers use AI, what types of data lawyers may share with AI tools, and the ABA Formal Opinion on the ethical considerations that lawyers must take into account when using AI. You can listen to the episode here. 

We hope you find this helpful for staying up to date with the myriad changes in the privacy field!

What’s new in privacy? 

Below are some of the most notable news in privacy from this month: 

1. Otter.ai faces privacy lawsuit. The popular notetaking app Otter.ai is facing a class action lawsuit in California that alleges that the company records all users without their consent and uses their voices to train speech recognition AI tools. Read more here.
2.  AT&T settles data breach lawsuit for $177 million. Customers impacted by the breaches are eligible to receive up to $7,500. The proposed settlement stems from two cyberattacks announced in March and July of 2024, alleging that the data of AT&T cellular and landline customers was breached and uploaded to a third-party cloud platform. Learn more here. 
3. Instagram’s maps feature raises privacy concerns. Instagram has recently released a new feature where, when users click on the map, it shows the geolocation of users who have opted into sharing their location. After the feature was unveiled, privacy concerns were voiced, stating that individuals have reported that their geotagged stories are appearing on the maps even when they opt out of the sharing of their live location. Read more here.
4. Farmers Insurance under investigation for data breach. Farmers Insurance Exchange, a California-based company, is under investigation for a data breach that led to the unauthorized access of the sensitive information of over 1 million of their customers. Although the breach occurred in May 2025, the company did not begin notifying affected customers until August, 2025, which may have violated state and federal laws. Read more here.
5. Google to pay $30 million to settle children’s privacy lawsuit. Google will pay $30 million to settle a class action lawsuit claiming that the company violated children’s privacy on YouTube. The lawsuit alleges that Google collected data from children watching YouTube videos, which is not permitted under COPPA. Learn more here. 
6. Investigation finds that at least 35 data brokers hid opt-out information from search results. The Markup/CalMatters investigation of data brokers found that at least 35 brokers obscured their opt-out tools by hiding them from Google and other search results. Consumers claim that this action may be an illegal dark pattern as it may prevent individuals from finding these opt-out pages, thereby preventing them from exercising their privacy rights. Learn more here. 
7. “The Panama Playlists” exposes the Spotify listening habits of about 50 prominent individuals. Playlists of Marc Benioff (the founder of Salesforce), Jacob Helberg, and Sam Altman were exposed. In addition, the music habits of two New York Times reporters, Mike Isaac and Kashmir Hill were exposed as well. The individual who released the lists built a series of bots that automatically scraped the Spotify listening data of dozens of political, media, and entertainment figures. Read more here. 
8. Office of the Privacy Commissioner of Canada releases new guidance for processing biometrics. The document provides guidance to private organizations on their privacy obligations when handling biometric information, including purpose determination, consent, limits and security requirements. Learn more here. 
9. UK Information Commissioner’s Office begins consultations on cookies and online advertising. The Commissioner’s Office is seeking comments on when consent is required for the use of cookies and whether low-risk forms of tracking for advertising could be permitted without explicit consent. Read more here. 
10. Texas Attorney General opens investigation into AI developers. The investigation alleges that two AI developers engaged in deceptive trade practices and misleadingly marketing AI platforms as mental health tools. Read more here. 

What privacy bills are we tracking? 

As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.

• Georgia – GA SB111;
• Hawaii – HI SB1037;
• Illinois – IL HB3385;
• Illinois – IL SB3517;
• Illinois – IL SB52;
• Illinois – IL HB3041;
• Maine – ME HB710/HB1088;
• Maine – ME HB1220;
• Massachusetts – MA SB33;
• Massachusetts – MA HB104;
• New York – NY S2277;
• New York – NY SB365;
• New York – NY SB3162;
• New York – NY AB4374;
• North Carolina – NC – HB462;
• North Carolina – NC – SB757;
• Oklahoma – OK H1012;
• Pennsylvania – PA HB78;
• Pennsylvania – PA SB112;
• Vermont – HB208;
• Vermont – SB93; and
• West Virginia HB2953

Events

Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: 

1. Mastering AI Governance: what you need to know about the AIGP Certification – September 9; 
2. Pixels, Privacy and Practicality: Navigating Tracking Technologies – September 16; 
3. Privacy Law and AI: What’s New and What You Should Know – September 24.

Conclusion

That’s it! Before you go, be sure to check out our new Coverage page. We sat down and listed out all 120+ laws, rules and regulations covered by our Privacy Policy Generator — far more than any of our competitors.

See you next month!