The Minnesota Consumer Data Privacy Act takes effect July 31, 2025. The Minnesota measure has a few unique requirements among state comprehensive privacy law. Here are a few that deserve a second look...more
On July 24, 2025, the California Privacy Protection Agency (CPPA) Board held a public meeting to finalize major amendments to the CCPA regulations, including rules on Automated Decision-Making Technology (ADMT), risk...more
On June 25, 2025, Governor Ned Lamont signed Connecticut Senate Bill 1295 into law. SB 1295 significantly amends the Connecticut Data Privacy Act (CTDPA) by lowering the threshold for applicability, broadening the definition...more
A federal court in Illinois has dismissed a class action suit filed under the Illinois Biometric Information Privacy Act (BIPA), finding that Hyundai did not “collect, capture, or otherwise obtain” biometric data by use of...more
In a significant win for the defense, a California federal judge denied class certification in a California Invasion of Privacy Act (CIPA) suit alleging that AddShoppers and Peet’s Coffee unlawfully tracked website visitors...more
7/2/2025
/ California ,
CIPA ,
Class Action ,
Class Certification ,
Cookies ,
Data Collection ,
Data Privacy ,
Invasion of Privacy ,
Litigation Strategies ,
Privacy Laws ,
Web Tracking ,
Websites
The New Jersey Division of Consumer Affairs has released proposed rules to implement the New Jersey Data Privacy Act (NJDPA). For covered businesses, these proposed rules demand close attention—not only for their substantive...more
Here are some recent privacy and cybersecurity related news stories that caught our attention over the past couple of weeks.
California Privacy Protection Agency (CPPA) Issues New Proposed Regulations -
The CPPA has...more
On January 16, 2025, the Federal Trade Commission (FTC) published its Final Rule officially adopting updates to the Children’s Online Privacy Protection Act (COPPA). For a comprehensive overview of these changes, be sure to...more
The U.S. Department of Justice (DOJ) has issued a final rule that significantly restricts the transfer of bulk sensitive personal data and government-related data to certain foreign entities deemed countries of concern....more
Overview -
In 2024, lawsuits targeting companies for their use of commonly deployed digital tracking technologies, such as pixels, and session replay tools proliferated. Frequently used on apps and websites, tracking...more
As state-level privacy laws continue to expand in the absence of federal legislation, businesses must prepare to meet a growing patchwork of requirements or risk penalties and reputational harm. In 2025, eight additional...more
Companies frequently wish to record telephone conversations related to their operations, customers, or business transactions. In response, the U.S. Congress and most state legislatures have enacted statutes and regulations...more
The California Privacy Protection Agency (the “Agency”) may start enforcing privacy regulations according to a recent decision from the California Third District Court of Appeal. The privacy regulations at issue stem from the...more
The Colorado Department of Law has published its Universal Opt-Out Shortlist under the Colorado Privacy Act (“CPA”). This is eagerly awaited guidance for organizations who are subject to the CPA as the guidance provides...more
Privacy impact assessments (PIAs) and/or data protection impact assessments (DPIAs) have formed the practical basis for evaluating initiatives involving personal data in order to comply with various legal requirements for...more
With the passage of numerous comprehensive state laws, many U.S. companies are now subject to a formal requirement to complete a Privacy Impact Assessment (“PIA”). While the various state and international PIA requirements...more
On October 30, 2023, the Biden-Harris Administration issued an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (the “EO”) in an effort to advance American leadership and...more
In March of this year, we wrote about “secondary use” consent requirements under the CCPA and Colorado’s CPA. Since that post, the number of U.S. state privacy laws has roughly doubled. Determining consent requirements under...more
Kilpatrick Townsend’s Meghan Farmer, Alex Borovsky, Jennie Cunningham, and Zain Haq recently presented “Navigating the New Data Privacy Landscape” at an event sponsored by the Association of Corporate Counsel Nation Capital...more
Kilpatrick Townsend’s Meghan Farmer, Alex Borovsky, Jennie Cunningham, and Zain Haq recently presented “Navigating the New Data Privacy Landscape” at an event sponsored by the Association of Corporate Counsel Nation Capital...more
While there is no comprehensive, federal United States law governing privacy, there are several major state laws that are currently in place. To help our clients assess their compliance posture, we have published a quick,...more
3/16/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Personal Information ,
State Privacy Laws