MainWP Blog - Privacy

On September 30, 2025, the California Privacy Protection Agency (CPPA) announced a $1.35 million settlement with the Tractor Supply Company for allegedly violating the privacy rights of residents of California. The CPPA claimed that Tractor Supply violated California privacy requirements by failing to provide an effective mechanism to opt out of the selling or sharing of personal information, failing to have the required disclosures in its Privacy Policy, and failing to have the appropriate contractual protections when disclosing personal information Continue reading the post...

On September 14, 2025, the major provisions of the EU Data Act went into effect, affecting companies producing connected products, offering related services, and third parties that may receive data from a connected device (even if the company is not located in the EU). The Act provides new rights to access data, implements new product design requirements, makes it easier for consumers to switch between providers, imposes new contract requirements, and more. In this article, we will discuss the major Continue reading the post...

On June 22, 2025, the Governor of Texas signed the Texas Responsible Artificial Governance Act (TRAIGA) into law, prohibiting the development of AI systems for certain purposes, protecting consumers, and developing a sandbox program. This new law goes into effect on January 1, 2026 and includes numerous notable provisions for developers of AI systems, which are discussed below.  Who does the Act apply to?  The TRAIGA applies to any person who:  Promotes, advertisers, or conducts business in Texas;  Produces a Continue reading the post...

Like it or not, most of us are exposed to or interact with AI tools almost daily. We may interact with an AI chatbot on a website, ask ChatGPT whether cats can eat pancakes, use Fathom to help us take notes during meetings, use Gemini to help us respond to emails, or even have AI analyze our X-rays. While AI can certainly be a very helpful tool, it is not without its risks. As AI becomes more and more integrated Continue reading the post...

As a privacy attorney, I wish that I had a dollar for every time someone told me that they are fully compliant with all privacy laws because they have a GDPR compliant Privacy Policy, they provide GDPR privacy rights to everyone, or they ensure that their employees follow the GDPR rules for processing personal data. Since GDPR is one of the strictest privacy laws out there, many business owners assume that if they are compliant with GDPR, they will automatically Continue reading the post...

We all make mistakes. Maybe we hold the door for a stranger to be polite, allowing them to enter our building, ignore a warning to update our browsers because we have a busy day ahead of us, or allow a coworker to log into our email to resolve a customer issue. While these actions may seem innocuous, they can lead to extremely costly security incidents and data breaches. In fact, recent studies have found that 88% of cybersecurity breaches were Continue reading the post...

As more and more privacy laws go into effect every year, privacy compliance obligations are only increasing for businesses. For example, you may now be required to allow customers to delete their data, be more careful as to who receives your marketing emails, and include privacy checkboxes on every form on your website. These types of obligations can affect every part of your business and every employee. Since most privacy violations are caused by employee mistakes, it is imperative that Continue reading the post...

Have you ever had a conversation in your home and Siri turns on without you saying the activation phrase, “hey Siri”? Or maybe you’re discussing couch options with your spouse and all of a sudden you are seeing endless ads for couches even though you never searched for a couch on your phone. Well, it seems like this creepy mystery has finally been solved – a lawsuit alleging that Apple’s Siri has been eavesdropping on conversations is being settled for Continue reading the post...

The Dutch Data Protection Authority (DPA) has issued a fine of €4.75 million penalizing Netflix due to alleged violations of the General Data Protection Act (GDPR). An investigation started in 2019 by the DPA found that Netflix failed to provide individuals with sufficient information in its Privacy Policy and in its responses to data subject access requests. Since GDPR and the DPA’s decision provides important details regarding the information that needs to be provided to individuals, this case is a Continue reading the post...

EU Cyber Resilience Act: What you need to know  How many connected or “smart” devices do you have in your home? From Amazon Alexa to the Ring doorbell, to smart refrigerators, to smart lightbulbs, connected devices don’t just help us manage our households, they also introduce serious cybersecurity risks. In fact, there were over 112 million Internet of Things (IoT) cyber attacks worldwide in 2022. These attacks can range from the hacking of baby monitors to watch a mother breastfeed Continue reading the post...