Key developments
Four states add privacy restrictions
JD Supra's Agnish Chakraburtty, Emily Clayton, Rachel LaBruyere, and Karin McGinnis reported that Oklahoma and Alabama enacted comprehensive consumer privacy laws, bringing the national total to 21 states. The article also noted Virginia's ban on selling precise geolocation data, Kentucky's expansion of sensitive data to include automated content recognition data, and California CalPrivacy's support for AB 1542 to bar the sale or sharing of sensitive personal information.
Why it matters
The state-law patchwork keeps expanding, forcing businesses to revise notices, consent, opt-outs, and data governance on multiple timelines.
Sources & driving stories
JD SUPRA · Agnish Chakraburtty, Emily Clayton, Rachel LaBruyere, Karin McGinnis
JD Supra coverageInstructure breach exposes Canvas user data
TechRadar reported that Instructure disclosed a cyberattack on its Canvas learning platform and said attackers accessed identifying information including names, email addresses, student ID numbers, and user communications. The company said passwords, dates of birth, government identifiers, and financial data were not involved, and it has revoked credentials, patched systems, and brought in outside forensic help. University of Nevada and Portland Public Schools separately said they were reviewing whether their students' data was affected.
Why it matters
The incident reaches widely used education software, potentially affecting students and staff across multiple institutions.
Sources & driving stories
TECHRADAR
TechRadar coverageUNIVERSITY OF NEVADA
University of Nevada coverageKOIN · Aimee Plante
KOIN coverageMeta expands AI age checks
BetaNews reported that Meta is expanding AI-based underage-user detection across Instagram Reels, Instagram Live, Facebook Groups, and more countries, using profile, post, comment, caption, photo, and video signals rather than facial recognition. Ubergizmo separately cited Internet Matters' survey of 1,000 young people in the U.K., finding about half think current age-verification blocks are easy to bypass, with some using fake mustaches to fool face-based systems.
Why it matters
Age-assurance systems are getting more aggressive, but the reporting shows they remain easy to evade and raise privacy tradeoffs.
Sources & driving stories
BETANEWS
BetaNews coverageUBERGIZMO
Ubergizmo coverageWorth noting
WORTH NOTING
Erie County bans commercial biometrics
The county became the first in New York to prohibit private biometric data collection for commercial use, a notable local privacy precedent.
WORTH NOTING
Spain fines Décimas after breach
Spain's watchdog issued a €120,000 penalty after customer identity data was sold online, underscoring continued enforcement around breach prevention and remediation.
Still unclear
OPEN QUESTION
Which institutions were actually affected by the Instructure breach?
Notifications suggest multiple schools may be involved, but the full scope and exact data categories are still being clarified.
OPEN QUESTION
Will age-verification rules become enforceable privacy standards?
Meta's rollout, the bypass study, and local biometric restrictions point to a gap between technical controls and binding policy.