:

US STATES HANDED OUT $3.45B IN PRIVACY FINES IN 2025

SECURITY DESK2 MIN READ
TUE, APR 28, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

US states issued $3.45 billion in privacy-related fines to companies in 2025—exceeding the total from the previous five years combined. The surge reflects enforcement of new state privacy laws and increased scrutiny of AI and automation practices.

Privacy enforcement in the United States reached a record high in 2025, with state regulators imposing $3.45 billion in fines on companies, according to Gartner data cited by CyberScoop. The figure dwarfs cumulative penalties from 2020 through 2024, signaling a dramatic shift in how aggressively states are policing data practices. The surge stems from several converging factors: Stronger State Laws Powerful privacy statutes in California and other states have given regulators the legal teeth to pursue meaningful penalties. These laws establish clearer standards for data handling and provide enforcement mechanisms with substantial financial consequences. Interstate Coordination New partnerships between state attorneys general have amplified enforcement efforts. Coordinated actions allow states to pool resources and target companies operating across multiple jurisdictions simultaneously, increasing pressure on national players. AI and Automation Focus Regulators have sharpened their focus on privacy impacts tied to artificial intelligence and automated decision-making. As companies deploy AI systems more widely, states are scrutinizing how these technologies handle consumer data and make decisions affecting individuals. Market Context The 2025 numbers reflect a maturation of the privacy enforcement landscape. After years of fragmented state regulations and relatively modest penalties, the US is moving toward a more stringent enforcement regime comparable to Europe's General Data Protection Regulation. Companies now face mounting financial exposure across state lines. The $3.45 billion in fines represents not just penalties but also a clear signal that privacy violations carry material business risk. Organizations lacking robust data governance and AI oversight programs face particular vulnerability to enforcement actions. The trend underscores a broader regulatory shift: privacy is no longer treated as a compliance afterthought but as a core business risk requiring executive-level attention and investment.

■ SOURCES

Techmeme

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

1H AGOIndustry Desk

Vancouver Police Department has implemented a discreet button on its website that instantly closes the page and clears browser history when clicked. The feature is designed to help domestic violence survivors quickly hide their browsing activity.

1H AGOIndustry Desk

Europe's digital identity wallet age verification system will only work on iOS and Android devices, excluding alternative mobile platforms. The technical specification has drawn criticism from privacy advocates and open-source developers.

6H AGOIndustry Desk

The Trump administration has established the Gold Eagle federal clearinghouse to enable real-time sharing of AI-related cyber threat intelligence between government agencies and private sector companies. The White House says the system is already receiving vulnerability reports and coordinating patch prioritization.

7H AGOAI Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.