Data Privacy Laws

Subscribe to Data Privacy Laws via RSS

Wire transfer fraud has long been a popular target for cyber criminals.   

A case of first impression decided by the California Court of Appeal, Fourth Appellate District demonstrates the high stakes for victims of this crime. Specifically, on May 27, 2025, the Court of Appeal released an opinion addressing the issue of who bears the loss when settlement funds are fraudulently diverted via a wire transfer scam.

Key Takeaways

  • In a recent decision by the Ninth Circuit in Briskin, the court ruled that e-commerce platform Shopify purposefully directed its conduct toward California because of its nationwide operations, rejecting the need for differential targeting of a forum state.
  • Notably, the court found a direct causal nexus between Shopify’s conduct and Briskin’s claims, deeming an exercise of specific jurisdiction over Shopify in California fair and reasonable.
  • Legal scholars are concerned that the decision could broadly expand the scope of specific personal jurisdiction and increase litigation risks for online platforms.
  • Companies should reassess their data practices and anticipate forum shopping by plaintiffs following Briskin.
  • Amazon faces allegations of unauthorized data collection in violation of federal and state privacy laws, including a first-of-its-kind claim under Washington’s My Health My Data Act (“MHMDA”).
  • The MHMDA restricts businesses from collecting, sharing, or selling any-health related information about a consumer without their consent of “valid authorization”, going

Increasing oversight of tech companies, particularly in the realm of consumer privacy, has been a rare example of bipartisan agreement. Despite data privacy being a growing concern for consumers, however, there has been relatively little federal policymaking. To counteract this lack of action, some states have stepped in to fill

The Health Information Portability and Accountability Act (“HIPAA”) has long been described as the floor for health care privacy laws and that states and regulators are free to enact more restrictive health care privacy laws. Last week, Washington state became the first state in the nation to codify into law broad protections for consumer health data that go well beyond HIPAA.

As the National Security Agency (NSA) noted in its 2022 cybersecurity yearly review, “[c]yberspace is dangerous.”

Reports of sophisticated cyberattacks and ransomware threats were prevalent in the past year. The government, manufacturers, and others further developed standards for securing digital infrastructure like 5G, cloud services, cryptography, internet protocols, and

On March 2, 2023, the Federal Trade Commission (FTC) announced that it had reached a $7.8 million settlement with mental health and online counseling platform, BetterHelp, Inc. (“BetterHelp”). The FTC alleged that BetterHelp shared  consumers’ sensitive health data combined with other personal information (PI) with third party advertising platforms without first obtaining affirmative consent and allegedly contrary to certain privacy representations. The proposed order requires the company to pay $7.8 million in partial refunds to BetterHelp customers. This is the first time that the FTC has required a company to return money to its customers whose personal information was shared without consent. Going forward BetterHelp is not permitted to share sensitive health information and PI without obtaining affirmative consent from the patients and customers. BetterHelp is also required to overhaul its privacy program and request that any outside parties that received the consumers’ sensitive data delete such information.

On December 1, 2022, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a Bulletin to highlight the obligations of HIPAA-covered entities and business associates when using “online tracking technologies,” or what OCR describes as “script or code on a website or mobile