The California Department of Financial Protection and Innovation (DFPI) and five other state financial regulatory agencies have taken action against Wise US, Inc. (Wise) for violations of Bank Secrecy Act and anti-money laundering laws under the Countering the Financing of Terrorism Program (“AML/CFT Program”).
In May, Montana enacted Senate Bill 297, which amends the Montana Consumer Data Privacy Act (MCDPA) to eliminate the broad exemption for financial institutions subject to the Gramm-Leach-Bliley Act (GLBA). Connecticut followed a similar path with Senate Bill 1295, which became a Public Act on June 11, 2025, and is awaiting the governor’s signature. Montana and Connecticut join an emerging group of states that no longer broadly exempt financial institutions subject to the GLBA from their state privacy laws.
On July 1, 2025 the California Attorney General announced the largest CCPA settlement to date, totaling $1.55 million. The settlement, which is awaiting court approval, was the result of an investigation by the California Department of Justice into Healthline.com’s targeted advertising and data sharing practices.
This action is the most recent in a pattern of enforcement actions taken by state attorneys general to protect consumer privacy rights. In California, the use of AdTech and tracking technologies has been a particular focus, with the Attorney General recently settling with Todd Snyder for failing to properly process opt-out requests. In this latest Complaint, the California Attorney General positions the action against Healthline as an extension of the Sephora settlement and potentially part of a broader investigation into online advertising.
At the opening of CRS2025, one story stuck with me: Georgia high school teacher Donelan Andrews booked a trip to England and, unlike most of us, actually read her travel insurance policy. Buried in the legal weeds was a hidden clause promising $10,000 to the first person who spotted it and emailed the company. She did—and she won.
In the Supreme Court TCPA decision, McLaughlin Chiropractic Associates, Inc. v. McKesson Corporation, the Court held that district courts hearing civil enforcement lawsuits under the Telephone Consumer Protection Act of 1991 (TCPA) are not bound by a prior Federal Communications Commission (FCC) interpretation of the statute. The Court ruled, six to three, that the Hobbs Act’s grant of “exclusive jurisdiction” to the courts of appeals for pre-enforcement challenges does not compel trial-level judges to adopt an agency’s reading of a statute when the same issue surfaces later in an enforcement or private civil action. As cited by the Court, the “fundamental principles of administrative law establish the proper default rule: [i]n enforcement proceedings, district courts must independently determine whether an agency's statutory interpretation is correct, rather than being bound by the agency's interpretation.”
.jpg)
.jpg)