On July 1, 2025 the California Attorney General announced the largest CCPA settlement to date, totaling $1.55 million. The settlement, which is awaiting court approval, was the result of an investigation by the California Department of Justice into Healthline.com’s targeted advertising and data sharing practices.
This action is the most recent in a pattern of enforcement actions taken by state attorneys general to protect consumer privacy rights. In California, the use of AdTech and tracking technologies has been a particular focus, with the Attorney General recently settling with Todd Snyder for failing to properly process opt-out requests. In this latest Complaint, the California Attorney General positions the action against Healthline as an extension of the Sephora settlement and potentially part of a broader investigation into online advertising.
At the opening of CRS2025, one story stuck with me: Georgia high school teacher Donelan Andrews booked a trip to England and, unlike most of us, actually read her travel insurance policy. Buried in the legal weeds was a hidden clause promising $10,000 to the first person who spotted it and emailed the company. She did—and she won.
In the Supreme Court TCPA decision, McLaughlin Chiropractic Associates, Inc. v. McKesson Corporation, the Court held that district courts hearing civil enforcement lawsuits under the Telephone Consumer Protection Act of 1991 (TCPA) are not bound by a prior Federal Communications Commission (FCC) interpretation of the statute. The Court ruled, six to three, that the Hobbs Act’s grant of “exclusive jurisdiction” to the courts of appeals for pre-enforcement challenges does not compel trial-level judges to adopt an agency’s reading of a statute when the same issue surfaces later in an enforcement or private civil action. As cited by the Court, the “fundamental principles of administrative law establish the proper default rule: [i]n enforcement proceedings, district courts must independently determine whether an agency's statutory interpretation is correct, rather than being bound by the agency's interpretation.”
With the Minnesota Consumer Privacy Act (MCPA), which takes effect July 31, 2025, Minnesota now joins the many other states, like California, that have passed laws granting enhanced data privacy rights to individuals.
In a recent decision from the U.S. District Court for the Southern District of Texas, the court granted summary judgment in favor of the defendants in a Fair Debt Collection Practices Act (FDCPA) and Texas Debt Collection Act (TDCA) case, finding three texts and three phone messages over eight weeks was not harassing and because the messages were clearly for another person, an unsophisticated consumer could not have thought defendants were attempting to collect a debt from the plaintiff.