Your company collects user data through a SaaS platform, a connected device, or a consumer-facing application. California's Delete Act created a new data broker registration and deletion portal (DROP). The FTC is pursuing enforcement actions against companies that share consumer data without adequate consent, including connected device manufacturers. State privacy laws continue to expand the definition of "data broker" beyond traditional data resellers.
If your product collects location data, biometric data, or behavioral data, you may have obligations under multiple state privacy frameworks even if you do not consider yourself a data broker. The FTC's enforcement posture under PADFAA and its connected device actions signal that the agency views data sharing practices broadly.
This collection covers the privacy enforcement actions, data broker regulations, and compliance requirements that affect technology companies handling consumer data.
The FTC sent warning letters to 13 data brokers under PADFAA. If your tech company shares user data it didn't collect directly, you could be a data broker under federal law. Fines start at $53,088.
Senator Cotton's bill would let data centers bypass FERC entirely by building off-grid power. The federal exemption is real. The state-level complications are where this gets interesting.
The FTC finalized its order against GM and OnStar, calling it an 'egregious betrayal.' If your product collects location data, this 20-year consent framework is your new compliance baseline.
Three companies have been fined a combined $164,000 in the last two months for failing to register as data brokers. S&P Global got hit for $62,600 due to an administrative error. If a Fortune 500 company can miss this, so can you.
Schedule a call to discuss how these developments affect your business.
Schedule Your Strategy Session