Biometric Litigation
DE Under 3: FTC Enters the Biometric Privacy Protection Conversation
Digital Planning Podcast Episode: Understanding Biometrics and the Impact on Estate Planning
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
Podcast: BIPA Trends in 2022
Immigration Insights Podcast: International Entrepreneur Parole Program & Biometrics Requirement
JONES DAY PRESENTS® The Impact of Digital Health on Research and Clinical Trials
#BigIdeas2020: Facial Recognition Technology and Employer Compliance - Employment Law This Week® - Trending News
5 Key Takeaways | Biometrics: Identifying and Mitigating Legal Risks
New biometric protections went into effect in Colorado on July 1. The Colorado Act on biometric identifiers and biometric data (the Act), House Bill 24-1130, amends the existing Colorado Privacy Act (CPA) (CO Rev Stat §...more
Governor Greg Abbott recently signed into law the Texas Responsible Artificial Intelligence Governance Act (TRAIGA or Act), which takes effect on January 1, 2026. Texas joins California, Colorado, and Utah as one of the...more
On June 22, 2025, Texas Governor Greg Abbott signed House Bill 149, the Texas Responsible Artificial Intelligence Governance Act (“TRAIGA”), into law....more
Effective January 1, 2026, the Texas Responsible Artificial Intelligence Governance Act (TX H.B. 149, 2025) takes a unique approach to AI regulation—pulling threads from the EU AI Act, Colorado's comprehensive AI statute, and...more
On June 22, 2025, Governor Abbott signed the Texas Responsible Artificial Intelligence Governance Act (TRAIGA), which will take effect January 1, 2026. Any business or government agency working with AI in Texas should take...more
On June 22, 2025, Texas enacted the Texas Responsible Artificial Intelligence Governance Act (“TRAIGA”), putting it at the forefront of state-level AI regulation in the United States. TRAIGA becomes effective January 1, 2026....more
Texas has become the second state, after Colorado, to enact omnibus legislation regulating artificial intelligence (AI) systems. On June 22, 2025, Texas Gov. Greg Abbott signed into law the Texas Responsible Artificial...more
Montana recently amended its privacy law through Senate Bill 297, effective October 1, 2025, strengthening consumer protections and requiring businesses to revisit their privacy policies that apply to citizens of Montana....more
The Oklahoma State Legislature recently enacted Senate Bill 626, amending its Security Breach Notification Act, effective January 1, 2026, to address gaps in the state’s current cybersecurity framework (the “Amendment”). The...more
Last May, Colorado Governor Jared Polis signed into law amendments to the Colorado Privacy Act ("CPA") that impose new obligations governing the collection, processing, retention, and disclosure of Coloradans' biometrics. The...more
On May 7, 2025, the Utah Artificial Intelligence Policy Act (UAIP) amendments will go into effect. These amendments provide significant updates to Utah’s 2024 artificial intelligence (AI) laws. In particular, the amendments...more
After the Children’s Online Privacy Protection Rule (COPPA) updates, proposed by the FTC’s Final Rule, were paused due to an Executive Order in January this year, many wondered whether that would be the end of the long...more
On January 8, 2025, the U.S. Department of Justice (Department or DOJ) issued new rules required by then-President Biden’s February 2024 Executive Order (EO) 14117 to establish a new regulatory framework aimed at “Preventing...more
Colorado employers could soon need to comply with the disclosure and consent requirements of the state’s privacy act when they collect biometric identifiers from employees or applicants – which would make Colorado the first...more
Seyfarth Synopsis: On August 9, 2024, Illinois joined Colorado on the list of states that have enacted legislation specifically imposing obligations and restrictions on employers’ use of artificial intelligence to make...more
On May 31, 2024, Governor Jared Polis signed into law Colorado House Bill 24-1130 (HB 1130), amending the Colorado Privacy Act (the CPA) to impose new requirements on controllers that process biometric data. The amendments go...more
Keypoint: Colorado employers and controllers that collect and process biometric data and identifiers will need to comply with disclosure, consent, and retention requirements beginning on July 1, 2025. In late April, the...more
On March 18, 2024, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued revised guidance on the use of tracking technologies by HIPAA-covered entities and business associates....more
On March 13, 2024, the European Union’s parliament formally approved the EU AI Act (pdf), making it the world’s first major set of regulatory ground rules to govern generative artificial intelligence (AI) technology. The EU...more
HHS Cybersecurity Performance Goals and the Healthcare Industry - The healthcare industry is a major target for cyberattacks because of all of the personal information collected from patients. Recognizing that the healthcare...more
Recently, the Illinois General Assembly have restarted efforts to amend the Biometric Information Privacy Act of 2008 (“the Act”). On January 31, 2024, Senator Bill Cunningham introduced S.B. 2979 ostensibly to answer the...more
On January 18, 2024, the Federal Trade Commission (FTC) discussed its long-anticipated proposed changes for the Children’s Online Privacy Protection Rule (COPPA) in an open meeting. Released in a notice of proposed...more
The FTC is proposing significant changes to the Children’s Online Privacy Protection Act (COPPA) rule to place new restrictions on the use and disclosure of children’s personal information. The COPPA Rule requires websites...more
The Federal Trade Commission (FTC) gave privacy lawyers a long-awaited Christmas gift on December 20, 2023: its notice of proposed rulemaking (NPRM) to amend the Children’s Online Privacy Protection Act (COPPA) Rule. The NPRM...more
The Children’s Online Privacy Protection Rule requires operators of websites and online services that are directed to children under 13 years of age, or that have “actual knowledge” they are collecting personal information...more