If you use a bot powered by artificial intelligence to interact with consumers, you need to disclose it.
A new law in Maine that goes into effect in September 2025 requires businesses to notify consumers in a clear and...more
Many U.S. states have recently added provisions regarding “minors” that greatly exceed what is required under the Children’s Online Privacy Protection Act (COPPA). In short, the new laws generally apply to people under 18,...more
7/31/2025
/ Advertising ,
Compliance ,
Consumer Protection Laws ,
COPPA ,
Data Privacy ,
Minors ,
New Legislation ,
Online Safety for Children ,
Personal Data ,
Personal Information ,
State Attorneys General ,
State Privacy Laws ,
Websites
Employers are increasingly monitoring and filtering the web browsing habits of employees.
The Commission Nationale de l’Informatique et des Libertés (CNIL) recently released new guidance (for public comment) on how...more
7/28/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
CNIL ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Disclosure Requirements ,
Employee Rights ,
Employees ,
EU ,
Personal Data ,
Websites
America’s AI Action Plan is out, and it has three pillars: innovation, infrastructure, and international diplomacy and security.
This is different from the (now rescinded) AI Blueprint Executive Order issued by President...more
7/25/2025
/ AI Act ,
Algorithms ,
Artificial Intelligence ,
Bias ,
Biden Administration ,
Cybersecurity ,
Data Security ,
Federal Trade Commission (FTC) ,
Government Agencies ,
Innovation ,
National Security ,
Regulatory Reform
Connecticut Attorney General William Tong recently announced his office’s first enforcement action for violations of the Connecticut Data Privacy Act. “This law has now been in effect for two years,” Tong said in a...more
7/11/2025
/ Attorney General ,
Compliance ,
Connecticut ,
Consumer Privacy Rights ,
Data Privacy ,
Disclosure Requirements ,
Enforcement Actions ,
Fines ,
Penalties ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws
New Jersey recently released draft privacy regulations, and there is a lot to unpack and process.
In this three-part series, I will break down the regulations -
Part 1: The New Personal data:
• Scraping is carved...more
6/27/2025
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Data Collection ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Data Retention ,
New Jersey ,
New Regulations ,
Opt-Outs ,
Personal Data ,
Privacy Laws ,
Proposed Rules ,
State Privacy Laws
The Attorney Generals of California, Connecticut, Delaware, New Jersey, Oregon and Vermont wrote a letter June 23, 2025 to Senate Majority Leader John Thune and Senate Minority Leader Chuck Schumer, objecting to a proposed AI...more
6/25/2025
/ Algorithms ,
Artificial Intelligence ,
Consumer Privacy Rights ,
Enforcement Actions ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Reform ,
Regulatory Requirements ,
State Attorneys General ,
State Privacy Laws ,
Technology Sector
Vermont recently adopted the Vermont Age-Appropriate Design Code Act, which goes into effect on January 1, 2027. The law is enforceable by the Vermont Attorney General as an unfair or deceptive act or practice. The Attorney...more
6/18/2025
/ Algorithms ,
Biometric Information ,
Data Collection ,
Data Privacy ,
Data Sellers ,
Duty of Care ,
Minors ,
New Legislation ,
Online Safety for Children ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws ,
Transparency ,
Unfair or Deceptive Trade Practices ,
Vermont
Following the Federal Trade Commission’s decision in December 2023 to ban Rite Aid from using AI facial recognition, it has become crystal clear that U.S. regulators expect a risk assessment when a retailer uses facial...more
Businesses should expect to see “increased enforcement” from the California Privacy Protection Agency now that the agency has had four years to staff up and implement rules, the CPPA’s executive director said in an interview...more
6/9/2025
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Enforcement ,
Enforcement Actions ,
Enforcement Priorities ,
New Regulations ,
Personal Information ,
Privacy Laws ,
State Privacy Laws
The National Security Agency’s Artificial Intelligence, Security Center (AISC), together with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Signals...more
5/28/2025
/ Algorithms ,
Artificial Intelligence ,
Best Practices ,
Cybersecurity ,
Data Protection ,
Data Security ,
FBI ,
Government Agencies ,
National Security ,
NIST ,
Risk Management ,
UK
Actual deception, substantial injury (including through AI), kids and teens, financial institutions and employees.
Those are the key enforcement priorities of the Federal Trade Commission when it comes to data privacy...more
The Commonwealth of Pennsylvania is re-joining the U.S. state privacy law race.
State Rep. Edward Neilson recently proposed H.B 78, which features all the normal trappings of a state privacy law with a very low...more
For the second installment of this series on the new California Consumer Privacy Act (CCPA) Regs, we are looking at consumer request processes.
One major eye opener: Tracker opt-outs must be immediate and you may not be...more
5/8/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
Consumer Data Requests ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Protection ,
Disclosure Requirements ,
New Regulations ,
Opt-Outs ,
Privacy Laws
New California Consumer Privacy Act (CCPA) Regs are here, with comments open until June 2.
There are a lot of issues to address, and a lot of work for companies to implement. We are talking about billions of dollars in...more
Just as the European Union is reassessing the EU AI Act, Colorado is considering a bill to narrow the scope of the Colorado AI Act before it even takes effect. Here are some points regarding SB 318 in Colorado:...more
The Federal Trade Commission is taking a hard look at marketing and advertising statements, making sure they are precise and accurate.
Here are some key takeaways from recent enforcements:...more
4/29/2025
/ Advertising ,
Consumer Protection Laws ,
Disclosure Requirements ,
Enforcement ,
Enforcement Actions ,
False Advertising ,
Federal Trade Commission (FTC) ,
Marketing ,
Misleading Statements ,
Online Reviews ,
UDAAP
Following a wave of “session replay” wiretapping lawsuits in the United States, France’s Commission Nationale de l’Informatique et des Libertés (CNIL) has launched a consultation on tools for recording and replaying browsing...more
The following is sufficient consent for the Video Privacy Protection Act and the California Invasion of Privacy Act, according to a recent decision in the U.S. District Court for the Northern District of California....more
If you are “tester” who actively seeks out privacy violations and files lawsuits to ensure legal compliance (as many class action lawsuit plaintiffs are), you do NOT have Article III standing to sue, according to a recent...more
4/8/2025
/ Article III ,
California ,
CIPA ,
Class Action ,
Data Collection ,
Invasion of Privacy ,
Motion to Dismiss ,
Privacy Laws ,
Privacy Policy ,
Standing ,
Websites
The office of the Oregon Attorney General recently releases a six-month enforcement report regarding the Oregon’s Consumer Privacy Act (OCPA). What are we discussing with our clients?...more
3/12/2025
/ Compliance ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Nonprofits ,
Oregon ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws
Is the EU AI Act a Jenga piece that can easily be removed from the regulatory tower? Here are some key points from the “AI Regulation – a critical comment” workshop at the Alpine Privacy Days Conference, courtesy of Florent...more
On the heels of the formation of the House Privacy Working Group, Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Commerce, and Congressman John Joyce, M.D. (PA-13), Vice Chairman of the House...more
Hawaii’s State Data Office recently issued a series of guidance documents for its state agencies on how to handle artificial intelligence. This includes guidance on data protection, data retention and use of Generative AI....more
2/18/2025
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Hawaii ,
Information Security ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws
Federal Trade Commission Commissioner Melissa Holyoak spoke last week at a conference in Miami about “a new season at the FTC.”
What can we learn from Holyoak’s comments about the FTC’s plans for AI regulation and free...more