The Minnesota Consumer Data Privacy Act takes effect July 31, 2025. The Minnesota measure has a few unique requirements among state comprehensive privacy law. Here are a few that deserve a second look...more
On July 24, 2025, the California Privacy Protection Agency (CPPA) Board held a public meeting to finalize major amendments to the CCPA regulations, including rules on Automated Decision-Making Technology (ADMT), risk...more
On June 25, 2025, Governor Ned Lamont signed Connecticut Senate Bill 1295 into law. SB 1295 significantly amends the Connecticut Data Privacy Act (CTDPA) by lowering the threshold for applicability, broadening the definition...more
On June 22, 2025, Texas Governor Greg Abbott signed the Texas Responsible AI Governance Act (TRAIGA) into law. While earlier versions of the bill mirrored broader frameworks like the EU AI Act, the final version scales back...more
A federal court in Illinois has dismissed a class action suit filed under the Illinois Biometric Information Privacy Act (BIPA), finding that Hyundai did not “collect, capture, or otherwise obtain” biometric data by use of...more
In a significant win for the defense, a California federal judge denied class certification in a California Invasion of Privacy Act (CIPA) suit alleging that AddShoppers and Peet’s Coffee unlawfully tracked website visitors...more
7/2/2025
/ California ,
CIPA ,
Class Action ,
Class Certification ,
Cookies ,
Data Collection ,
Data Privacy ,
Invasion of Privacy ,
Litigation Strategies ,
Privacy Laws ,
Web Tracking ,
Websites
The New Jersey Division of Consumer Affairs has released proposed rules to implement the New Jersey Data Privacy Act (NJDPA). For covered businesses, these proposed rules demand close attention—not only for their substantive...more
Here are some recent privacy and cybersecurity related news stories that caught our attention over the past couple of weeks.
California Privacy Protection Agency (CPPA) Issues New Proposed Regulations -
The CPPA has...more
In case you missed it: Michigan’s Attorney General has filed a lawsuit against Roku, alleging that the company collects and shares children’s personal data and video viewership data in violation of COPPA and the VPPA,...more
On January 16, 2025, the Federal Trade Commission (FTC) published its Final Rule officially adopting updates to the Children’s Online Privacy Protection Act (COPPA). For a comprehensive overview of these changes, be sure to...more
The U.S. Department of Justice (DOJ) has issued a final rule that significantly restricts the transfer of bulk sensitive personal data and government-related data to certain foreign entities deemed countries of concern....more
Overview -
In 2024, lawsuits targeting companies for their use of commonly deployed digital tracking technologies, such as pixels, and session replay tools proliferated. Frequently used on apps and websites, tracking...more
As state-level privacy laws continue to expand in the absence of federal legislation, businesses must prepare to meet a growing patchwork of requirements or risk penalties and reputational harm. In 2025, eight additional...more
With increasing scrutiny on how companies handle personal data of children under 18, several new laws are reshaping the legal landscape. Even companies that may not intend to direct their services to children still need to be...more
Companies frequently wish to record telephone conversations related to their operations, customers, or business transactions. In response, the U.S. Congress and most state legislatures have enacted statutes and regulations...more
Companies frequently wish to record telephone conversations related to their operations, customers, or business transactions. In response, the U.S. Congress and most state legislatures have enacted statutes and regulations...more
General Background -
On May 17, 2024, Governor Jared Polis of Colorado enacted the Colorado Artificial Intelligence (AI) Act (CAIA), marking a significant milestone as what its sponsor calls a “chassis,” an initial...more
In an era where digital privacy is increasingly under threat, the recent deepfake incident involving the globally renowned artist, Taylor Swift, has catapulted the issue of nonconsensual pornography to center stage. This...more
The California Privacy Protection Agency (the “Agency”) may start enforcing privacy regulations according to a recent decision from the California Third District Court of Appeal. The privacy regulations at issue stem from the...more
The Colorado Department of Law has published its Universal Opt-Out Shortlist under the Colorado Privacy Act (“CPA”). This is eagerly awaited guidance for organizations who are subject to the CPA as the guidance provides...more
On December 8, 2023, the EU announced that Parliament and Council negotiators “had reached a provisional agreement on the Artificial Intelligence Act.” Negotiators had been under pressure to resolve differences to maintain...more
Privacy impact assessments (PIAs) and/or data protection impact assessments (DPIAs) have formed the practical basis for evaluating initiatives involving personal data in order to comply with various legal requirements for...more
With the passage of numerous comprehensive state laws, many U.S. companies are now subject to a formal requirement to complete a Privacy Impact Assessment (“PIA”). While the various state and international PIA requirements...more
On October 30, 2023, the Biden-Harris Administration issued an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (the “EO”) in an effort to advance American leadership and...more
Generative artificial intelligence (“GenAI”) and GenAI tools like ChatGPT have a significant opportunity to revolutionize how many organizations do business. GenAI tools allow users to brainstorm ideas, quickly generate...more