On July 12, 2025, a class action lawsuit was filed against SHEIN for allegedly violating the Telephone Consumer Protection Act (TCPA) by sending marketing text messages to numbers listed on the National Do-Not-Call Registry without prior consent. The plaintiff, whose number was registered in April 2025, continued receiving promotional texts in June, well past the required 31-day buffer. The case emphasizes that TCPA rules apply not only to calls but also to automated SMS marketing, requiring companies to prove consent, honor opt-outs, and now comply within 10 business days following an FCC order in April 2025. This lawsuit highlights stricter enforcement of consumer privacy protections against unsolicited marketing communications.
South Korea's Personal Information Protection Commission fined Meta 21.6232 billion KRW for improperly collecting and processing sensitive user information, denying access requests, and causing a data leak. The Commission ordered Meta to implement stronger data protections and ensure lawful handling of sensitive data.
Oracle has proposed a $115 million settlement to resolve a class action lawsuit accusing the company of unlawfully collecting and selling users' data without consent.
The Dutch Data Protection Authority (AP) has imposed a record €290 million fine on Uber for illegally transferring the personal data of EU drivers to the United States without adequate safeguards. This marks the third penalty against Uber by the AP, following an investigation triggered by complaints from French drivers.
South Korea's Personal Information Protection Commission fined Alibaba.com Singapore E-Commerce Private Limited approximately $1.43 million for violating the country's Personal Information Protection Act by improperly transferring user data across borders.
Brazil's Federal Public Ministry and the Brazilian Institute of Consumer Protection filed a lawsuit against WhatsApp, seeking 1.7 billion reais in damages for collective mental anguish caused by alleged violations of privacy regulations.
The Italian Antitrust Authority (AGCM) has fined Meta 3.5 million euros for data privacy violations on its social platforms, Facebook and Instagram. The AGCM found that Meta engaged in illegal collection of user data, violating consumer protection laws.
The Personal Information Protection Commission (PIPC) of South Korea has fined Kakao Corporation 15.14 billion KRW for violating the Personal Information Protection Act (PIPA).
AT&T has been fined $57 million by the Federal Communications Commission (FCC) for illegally disclosing customer location data. The FCC found that AT&T leaked customer proprietary network information (CPNI) without consent, violating regulations.
Uber has been fined €10 million by the Dutch Data Protection Authority (AP) for not fully disclosing their data retention policies and obstructing drivers' rights to access their own data.
CNIL found that Amazon's tracking system, which measures employee activities and performance, violated GDPR principles such as data minimization, lawful processing, notification and transparency obligations, and data security.
Recent global enforcement actions underscore the significance of compliance in direct marketing in the digital age.