Welcome to July's GrailMail! We're back with essential updates, in-depth analysis, and actionable insights to help you stay ahead of the curve in the data privacy landscape.
This month's newsletter is packed with expert guidance, product updates, and must-read content to help you stay ahead.
Let's dive in.
The data privacy landscape is evolving rapidly, driven by heightened consumer awareness and stricter regulations. With a 43% year-over-year increase in total Data Subject Request (DSR) volume and data deletion requests now accounting for 82% of all DSRs, organizations face mounting pressure to adapt to these trends while managing rising compliance costs.
Join us tomorrow at 9am PT as we sit down with privacy professionals from BDO, Mammoth Brands, and the Better Business Bureau for an in-depth discussion on DataGrail's 2025 Data Privacy Trends Report.
In this webinar, we'll explore:
Key trends in Data Subject Requests (DSRs) in 2024 reveal an emerging pattern: privacy requests to data brokers made up the highest volume of requests across all industries.
The escalating costs of privacy compliance and what it means for your organization.
Benchmarks to help you navigate shifting privacy expectations and legislation.
Stay ahead of the curve with July's top data privacy headlines. From rising lawsuits to a surge in data broker activity, the message is clear: brands that overlook privacy are putting their business, and customer trust, on the line.
Meta investors settle $8bn lawsuit with Zuckerberg over Facebook privacy
Mark Zuckerberg has agreed to settle a multibillion dollar lawsuit with a group of shareholders over how top executives and directors at Meta handled repeated privacy violations by Facebook. Read more here.
Hundreds of registered data brokers ignore user requests around personal data
Researchers in California contacted data brokers in their state to exercise their rights under the California Privacy Protection Act. Many didn't reply, while others threw up barriers. Read more here.
A California bill aimed at curbing the explosion of lawsuits filed against businesses using common website tools such as cookies, pixels, and session replay software has stalled out in the 2025 legislative session, meaning businesses will remain vulnerable to the newest type of privacy litigation for at least the next year. Read more here.
Christian Dior Hit With Class Privacy Suit Following Data Breach
Christian Dior Inc. is facing a class suit alleging it failed to properly secure and safeguard personally identifiable information that was compromised in a data breach Jan. 26, 2025. Michael Toikach alleges that Dior and Christian Dior Couture SAS failed to implement reasonable data security measures, which allowed hackers to access customers' private information including names, contact information, addresses, dates of birth, passport or ID numbers, and other data. Read more here.
Enforcement News
Healthline hit with $1.55M CCPA fine for sharing sensitive health data
California's largest CCPA settlement to date found Healthline shared article titles implying medical diagnoses, failed to honor opt-outs and Global Privacy Control signals, and misled users with a nonfunctional cookie banner. The case signals that consent tools must actually work, health data (even implied) is sensitive, and weak contracts won't protect you. Read more here.
TicketNetwork fined $85K for CTDPA violations after ignoring cure period
Connecticut AG William Tong announced an $85,000 settlement with TicketNetwork for failing to fix unreadable privacy notices and misconfigured rights mechanisms. This marks the first public enforcement under the CTDPA and signals that transparency gaps and broken opt-out tools will face consequences. Read more here.
Nebraska sues GM for secretly collecting and selling driver data
AG Mike Hilgers filed a lawsuit against GM and OnStar for collecting sensitive driving data without consent and selling it to data brokers and insurers. The case alleges consumers were misled at the point of sale and enrolled in services without proper disclosure, impacting insurance rates without their knowledge. Read more here.
Watch our recent webinar for a breakdown of upcoming U.S. privacy regulations that took effect this July in Minnesota and Tennessee, plus what to expect as the EU AI Act enters its next phase of implementation in August.
DataGrail Data Privacy Platform Updates
Today's RoPA workflows are often too manual, disconnected, and difficult to maintain. As AI and data platforms evolve, visibility into how personal data is used isn't just a compliance requirement, it's business critical.
Our newest Live Data Map enhancements make it easier than ever to generate an audit-ready RoPA and uncover hidden AI risks in real-time, whether you're preparing for a regulator request or building scalable data governance.
Maintain a complete, updated view of all processing activities across your business.
Build and export a GDPR-ready RoPA in minutes, not weeks.
Easily find and assess privacy risks, including GenAI risks, in new and existing business processes.
Managing consent across complex digital environments shouldn't be a trade-off. Our latest updates to DataGrail Consent empower privacy teams by providing the flexibility, visibility, and control they need, while delivering a smoother, more seamless experience for users.
With the latest Privacy Request Center updates, teams can now capture structured information upfront, streamlining intake and accelerating DSR fulfillment with more control and efficiency.
The new Risk Assessment PDF Export now has a more polished look and feel with our updated PDF format. The refreshed design brings your exports in line with the expectations of internal stakeholders and external auditors.
Consumers and regulators judge what they see first: your website, consent flows, and ability to honor user rights matter more upfront than backend code risk.
Once visible, user-facing risks are resolved (functional consent banners, honored opt-outs, and respected privacy rights), then it's appropriate to move deeper into assessing internal systems, shadow IT, and code.
Legal, procurement, and privacy teams are under pressure to move fast, but also to protect the business from AI risk, regulatory violations, and privacy gaps. Reviewing every vendor contract like a law firm associate isn't scalable.
That's why we built an AI prompt designed to review contracts and privacy policies for legal and privacy risks before you sign.
With just a 221-word prompt, Gemini generated a 17-page privacy risk report in under four minutes. The output was sharp, structured, and thorough, more like something you'd expect from a regulator than a chatbot.
We ran the prompt on a major brand's website. The results? A full audit that rivaled a formal compliance assessment, complete with clear red flags and actionable next steps.
Startups rarely consider privacy as part of their foundational organization, but quickly learn the need to address privacy as they grow. Still, without strategic management, privacy programs can suffer delays as internal stakeholders worry they could interfere with continued growth. That's why brands like Life360, ByHeart, Feastables, and Sandbox VR trust DataGrail to keep them a step ahead of privacy risk.
Are you passionate about privacy, legal, or security issues? Want to connect with like-minded professionals and stay ahead in a rapidly evolving landscape?
We've got everything from privacy law updates to career tips, monthly privacy huddles, and exclusive resources tailored for the privacy community. Don't miss out on the chance to be part of a vibrant network committed to advancing data privacy.
See you next time!
Colleen
© 2024 DataGrail, Inc. and/or its affiliates. All rights reserved. Various trademarks held by their respective owners.
DataGrail, 225 Bush Street, Suite 360, San Francisco, CA 94104