U.S. companies hit with record fines for privacy in 2025

· policy · Source ↗

TLDR

  • US states issued $3.45B in privacy fines in 2025, more than the prior five years combined, per Gartner.

Key Facts

  • California’s CPPA pursued violators across tech, auto, and consumer goods, including small and mid-sized companies.
  • Ten states formed the Consortium of Privacy Regulators to coordinate cross-state investigations and enforcement.
  • Gartner says regulators have shifted “from awareness to full scale enforcement” and expects fines to rise further.
  • House Republicans introduced a federal privacy bill that would preempt stricter state laws like California’s CCPA.

Why It Matters

  • Companies that let privacy programs atrophy during the low-enforcement years now face a sharply more aggressive enforcement environment.
  • State regulators are extending enforcement to AI data practices, targeting how personal data is used to train models.

Derek B. Johnson, CyberScoop · 2026-04-28 · Read the original

Related coverage