Key developments
Texas opens privacy probe into Meta smart glasses
Texas Attorney General Ken Paxton opened an investigation into Meta's AI-enabled smart glasses, citing concerns over facial-data collection and possible unauthorized audio or video recording. Paxton's office said the devices include cameras, speakers, and an always-enabled mode that continuously processes video for Meta AI products, and that the recording indicator can allegedly be hidden easily. The probe also points to reports that some Meta subcontractors accessed private user information without permission and asks Meta to address possible misrepresentation under Texas law.
Why it matters
It could become a state-law benchmark for always-on wearables that capture biometric and ambient data.
Sources & driving stories
BUSINESS INSIDER
Business Insider coverageErie Family Health breach may affect 570000
Erie Family Health Centers identified suspicious network activity on January 27, 2026, and investigators concluded unauthorized third-party access may have occurred between December 10, 2025 and January 27, 2026. The incident may have exposed personal and protected health information for roughly 570000 people, including names, addresses, Social Security numbers, financial account information, medical records, and health insurance data. The report says the event could create identity-theft and legal-risk exposure for the Chicago-area health network.
Why it matters
A confirmed breach this size would be a major healthcare privacy incident with broad identity-theft and PHI exposure implications.
Sources & driving stories
MORNINGSTAR
Morningstar coverageDisney sued over Disneyland facial-recognition rollout
Summer Christine Duffield filed a $5 million lawsuit after a May 10 visit to Disneyland and Disney California Adventure, alleging the parks collected biometric data from guests, including children, without clear notice or express opt-in consent. The complaint says Disney rolled out facial recognition in late April for ticket verification and reentry, turning scanned faces into numerical identifiers matched to ticket data. Disney says the identifiers are deleted within 30 days unless retained for legal or fraud-prevention purposes, and guests can avoid the system by using separate entrance lines.
Why it matters
The case tests whether consumers can meaningfully opt out of venue-based biometric systems.
Sources & driving stories
TIMES FREE PRESS
Times Free Press coverageWorth noting
WORTH NOTING
California CPPA broadens enforcement priorities
The agency said it is expanding enforcement across sectors, targeting non-registered data brokers, and exploring AI-assisted complaint triage while layering in DELETE Act obligations.
WORTH NOTING
Cleveland Flock logs show outside searches
Audit logs reportedly showed nearly 250 searches from outside Cleveland using immigration-related terms, underscoring how shared ALPR networks complicate local oversight.
WORTH NOTING
Section 702 reauthorization remains unresolved
Congress extended the surveillance authority only through June 12 while lawmakers continue debating warrant and query reforms for U.S.-person records.
Still unclear
OPEN QUESTION
What counts as meaningful biometric opt-out?
Disney's lawsuit and Texas's Meta probe both hinge on whether notice, labels, and alternate lanes are enough for facial-data capture.
OPEN QUESTION
Can California scale DELETE Act enforcement?
The CPPA says enforcement is widening, but global deletion and data-broker oversight could strain staff and tooling.