Texas AG Prepares for “Aggressive Enforcement” of Privacy Laws

Julie Rubash, General Counsel and Chief Privacy Officer
June 10, 2024
Texas Attorney General announced a team focused on aggressive enforcement of Texas privacy laws


Texas AG Prepares for “Aggressive Enforcement” of Privacy Laws

Texas Attorney General Ken Paxton announced a “data privacy and security initiative”, establishing a team focused on “aggressive enforcement” of Texas privacy laws to “ensure companies respect Texans’ privacy rights and safeguard their personal data”.


The Texas Data Privacy and Security Act takes effect July 1, 2024, the same day as the Oregon Consumer Data Privacy Act. Most of the Texas law borrows elements from existing privacy laws, but there are also some unique new elements, in particular with respect to sensitive data. For example, the Texas law requires specific language (“NOTICE: we may sell your sensitive personal data”) be disclosed with the privacy notice, where applicable. The Texas AG’s June 4 announcement specifically cited “sensitive data”, warning “any entity abusing or exploiting Texans’ sensitive data will be met with the full force of the law”, so companies doing business in Texas, particularly if sensitive data is involved, may want to pay attention to the Texas nuances before the July 1 effective date.  

Get the up-to-date Sourcepoint overview of US state consent and data privacy laws.

California Court Denies Google’s Motion to Dismiss CIPA Class Action

A class action (Case No.  23-cv-03527-PCP) alleging that Google violated the California Invasion of Privacy Act (CIPA), the federal Wiretap Act and the Florida, Texas and Illinois wiretapping statutes by collecting financial data through Google Analytics tools installed on several tax preparation websites has overcome Google’s motion to dismiss. Google will have until July 18 to answer or respond to the complaint. 


The specifics of the Court’s responses to Google’s arguments may provide some useful insights to help both third-party vendors and first-party websites navigate CIPA compliance in the context of tracking and analytics tools. Specifically, the Northern District of California judge denied Google’s arguments that: (1) plaintiffs consented to the tax sites’ use of Google Analytics through terms of service and privacy policies; (2) that Google acted as a “mere vendor” of a tool that allows websites to record their own interactions with their users; and (3) that the complaint didn’t adequately plead Google’s intent or the specific contents of communications transmitted to Google. 

In response to these arguments, the court found that: (a) the mere existence of terms of service and privacy policies was insufficient to establish consent; and (b) that if, as plaintiffs’ suggest, Google read or used the data collected about users, then Google was not simply a vendor of a tool that websites can use to record their own users’ interactions on their websites; (c) that the plaintiffs’ allegations that Google would have known of, or at best turned a blind eye to, the use of its tools to collect users’ tax information was sufficient to plead Google’s willfulness; and (d) allegations of the kinds of information that the tax filing services would have been able to transmit and the mechanism for transmission were sufficient to state a claim that the contents or meaning of plaintiffs’ confidential information were read and/or used by Google.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

Vermont Data Privacy Bill Is Vetoed

June 17, 2024

Vermont Governor announced his veto of a bill that...

You Are Who You Work With: Cookie Consent and Data Privacy

June 11, 2024

Who you work with for consent management and data...

Texas AG Prepares for “Aggressive Enforcement” of Privacy Laws

June 10, 2024

Texas Attorney General announced a data privacy and security...

Latest White Papers

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Ebook: A Publisher’s Guide to Vendor List Curation

December 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]