There has been a whirlwind of activity over the past year as states enact and implement comprehensive consumer privacy laws. Starting with the passage of the California Consumer Privacy Act (CCPA) in 2018, which became effective in 2020, the US state privacy legal landscape has continued to develop rapidly. New comprehensive privacy frameworks are set to come into effect in California, Virginia, Colorado, Utah, and Connecticut in 2023. As we described in our Legal Update State Privacy Law Roundup: Developments in California, Virginia and Colorado, covered businesses, privacy advocates, and other interested spectators have been (patiently) waiting for regulations to be promulgated for guidance about how these laws will be enforced. Our latest state law roundup reviews what has been happening in our “laboratories of democracy.” Thanks to some particularly active state enforcement authorities in California and Colorado, we now have draft rules and regulations that clarify, and in some ways expand, the requirements under those states’ forthcoming privacy laws. Moreover, the California Attorney General’s office (CA AG) has announced the first public settlement of an enforcement action for violations of the CCPA. This Legal Update provides an overview of these recent developments.
