In recent weeks, a wave of headline-grabbing privacy controversies has swept across North America, putting tech giants and public officials alike under intense scrutiny. From the corridors of Canadian government buildings to the courtrooms of California and the legislative chambers of New Mexico, the question of how personal data is collected, protected, and potentially misused has never been more urgent—or more contentious.
On September 23, 2025, Canadian privacy authorities delivered a pointed rebuke to TikTok, the wildly popular video-sharing platform. According to federal Privacy Commissioner Philippe Dufresne, TikTok’s current efforts to keep children under 13 off its platform and prevent the collection and use of their sensitive personal information are “inadequate.” In a statement reported by The Associated Press, Dufresne insisted, “TikTok must do more to keep underage children off its platform and must better explain its data collection practices, especially to youth.”
This assessment came after a joint investigation by federal, Quebec, Alberta, and British Columbia privacy commissioners, launched in 2023. The findings were sobering: in Quebec alone, a staggering 40% of young people aged 6 to 17 have a TikTok account, including 17% of children between 6 and 12. These numbers, officials say, highlight the platform’s deep reach into the lives of Canadian youth—despite TikTok’s official policy that the service is not intended for anyone under 13.
British Columbia Privacy Commissioner Michael Harvey expressed concern over the platform’s use of advanced facial and voice analytics, which, when combined with location data, allow TikTok to build detailed profiles of users. Harvey noted, “What information was being collected with these facial and voice analytics and how they were always being used in combination with things like your location, information to create elaborate inferences about users, like what their spending power was and to use that, to then to decide what content, including advertising to feed back to them.”
In response, TikTok has agreed to enhance its methods for keeping underage users off the platform and to strengthen its privacy communications. But Dufresne was clear: “There’s some steps that they still have to take. … For the moment, we find it’s conditionally resolved. We are going to be monitoring the situation.” He also criticized the company’s privacy policies, describing them as lacking in detail and difficult for users—especially young people—to find and understand.
These developments come against a backdrop of rising governmental concern about TikTok’s data practices and its Chinese parent company. Last year, the Canadian government stopped short of banning the app outright but ordered the dissolution of TikTok’s Canadian business following a national security review. Meanwhile, in the United States, President Donald Trump has floated the idea that prominent billionaires like Rupert Murdoch and Michael Dell could be part of a deal to bring TikTok under American control—a move that would have major implications for the platform’s future.
But TikTok isn’t the only tech titan facing the heat. In early September 2025, a federal jury in California ordered Google to pay a whopping $425 million for violating state privacy laws between 2016 and 2024. According to Reuters, the class action suit, filed in 2020, alleged that Google continued to collect data on some 98 million users even after they had explicitly turned off tracking.
Google, for its part, has pushed back. Company spokesperson Jose Castaneda told Reuters, “This decision misunderstands how our products work. Our privacy tools give people control over their data, and when they turn off personalization, we honor that choice.” The company maintains that users always had the tools to opt out of tracking and that it respected those choices. Nonetheless, Google plans to appeal the decision.
Privacy advocates, however, see the verdict as a long-overdue victory. Nivedita Murthy, a senior staff consultant at Black Duck, was quoted as saying, “This class action lawsuit is a win for people’s privacy as today user data is valuable information that drives sales and investments in projects.” She emphasized that users should be in full control of how their data is used—a principle that regulators and courts are now more willing to enforce.
Google did admit that even when users turned off the Web & App Activity function, businesses like Uber and Amazon that use Google Analytics could still collect certain data—though the company characterized this as “nonpersonal, pseudonymous, and stored in segregated, secured and encrypted locations.” The plaintiffs, however, argued that Google’s data collection practices extended to hundreds of thousands of smartphone apps and included major players like Uber, Lyft, Alibaba, Amazon, Instagram, and Facebook.
Regulatory pressure is mounting on multiple fronts. Just weeks before the California verdict, the French data protection agency CNIL fined Google $379 million for failing to obtain user consent for advertising cookies in Gmail. According to CNIL, Gmail users who activated so-called “smart features” saw advertising messages inserted between their private emails without their explicit consent. The agency ordered Google to stop this practice within six months and to ensure that valid consent is obtained for advertising cookies when new Google accounts are created.
Murthy, the privacy consultant, cautioned users to remain vigilant, advising, “Users should be aware and keep an eye out for privacy check popups that ask them to accept cookies or terms and conditions, for example, every time they access a new website or an application.”
Meanwhile, privacy concerns are not limited to the private sector. In New Mexico, lawmakers grilled the state Ethics Commission chair on September 24, 2025, about a lawsuit alleging that state probation officers referred immigrants under their supervision to federal immigration authorities in apparent violation of a new state law. The Nondisclosure of Sensitive Personal Information Act, which went into effect July 1, 2025, prohibits state employees from sharing private information—including immigration status—with non-state actors such as ICE.
Senator Antoinette Sedillo Lopez, a sponsor of the law, expressed her outrage during a legislative hearing: “I was outraged that so soon after it was passed, that these probation officials would [allegedly] violate it so blatantly.” The Ethics Commission’s lawsuit alleges that probation officers lured at least three immigrants to their offices under false pretenses so they could be detained by ICE. These individuals have either been deported or remain in ICE custody.
The lawsuit claims the practice initially targeted “problem probationers”—those convicted of serious crimes or difficult to supervise—but has since expanded to anyone suspected of unlawful presence. The commission is now seeking a judge’s declaration that it can proceed with a lawsuit against the state Corrections Department for its employees’ alleged conduct. Corrections Secretary Alisha Tafoya, who has not yet been served with the lawsuit, declined to comment or appear at the hearing, according to legislative records.
As these stories unfold, one thing is clear: the debate over privacy, data protection, and the rights of individuals versus the interests of corporations and governments is reaching a fever pitch. With regulators, courts, and lawmakers all stepping up their oversight, the coming months promise to bring even more twists and turns in the ongoing struggle to safeguard personal information in the digital age.