Blog

Texas AG Prepares for “Aggressive Enforcement” of Privacy Laws

Julie Rubash, General Counsel and Chief Privacy Officer
June 10, 2024
Texas Attorney General announced a team focused on aggressive enforcement of Texas privacy laws

USA

Texas AG Prepares for “Aggressive Enforcement” of Privacy Laws

Texas Attorney General Ken Paxton announced a “data privacy and security initiative”, establishing a team focused on “aggressive enforcement” of Texas privacy laws to “ensure companies respect Texans’ privacy rights and safeguard their personal data”.

TAKEAWAY

The Texas Data Privacy and Security Act takes effect July 1, 2024, the same day as the Oregon Consumer Data Privacy Act. Most of the Texas law borrows elements from existing privacy laws, but there are also some unique new elements, in particular with respect to sensitive data. For example, the Texas law requires specific language (“NOTICE: we may sell your sensitive personal data”) be disclosed with the privacy notice, where applicable. The Texas AG’s June 4 announcement specifically cited “sensitive data”, warning “any entity abusing or exploiting Texans’ sensitive data will be met with the full force of the law”, so companies doing business in Texas, particularly if sensitive data is involved, may want to pay attention to the Texas nuances before the July 1 effective date.  


Get the up-to-date Sourcepoint overview of US state consent and data privacy laws.

California Court Denies Google’s Motion to Dismiss CIPA Class Action

A class action (Case No.  23-cv-03527-PCP) alleging that Google violated the California Invasion of Privacy Act (CIPA), the federal Wiretap Act and the Florida, Texas and Illinois wiretapping statutes by collecting financial data through Google Analytics tools installed on several tax preparation websites has overcome Google’s motion to dismiss. Google will have until July 18 to answer or respond to the complaint. 

TAKEAWAY

The specifics of the Court’s responses to Google’s arguments may provide some useful insights to help both third-party vendors and first-party websites navigate CIPA compliance in the context of tracking and analytics tools. Specifically, the Northern District of California judge denied Google’s arguments that: (1) plaintiffs consented to the tax sites’ use of Google Analytics through terms of service and privacy policies; (2) that Google acted as a “mere vendor” of a tool that allows websites to record their own interactions with their users; and (3) that the complaint didn’t adequately plead Google’s intent or the specific contents of communications transmitted to Google. 

In response to these arguments, the court found that: (a) the mere existence of terms of service and privacy policies was insufficient to establish consent; and (b) that if, as plaintiffs’ suggest, Google read or used the data collected about users, then Google was not simply a vendor of a tool that websites can use to record their own users’ interactions on their websites; (c) that the plaintiffs’ allegations that Google would have known of, or at best turned a blind eye to, the use of its tools to collect users’ tax information was sufficient to plead Google’s willfulness; and (d) allegations of the kinds of information that the tax filing services would have been able to transmit and the mechanism for transmission were sufficient to state a claim that the contents or meaning of plaintiffs’ confidential information were read and/or used by Google.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

FTC and Sensitive Location Data; New Pen Register Class Actions

December 9, 2024

FTC takes action against the sale of sensitive data...

California CPPA Issues Notice of Proposed Rulemaking

November 25, 2024

News out of California this week. The CPPA moved...

Mitigating risk under the Video Privacy Protection Act (VPPA)

November 23, 2024

Because VPPA is just one of many tools being...

Latest White Papers

E-book: Enterprise Guide To Cookie management & Tracker List Curation

July 1, 2024

How to review the tracking tech on your websites...

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]