California appears to be changing its approach to how it regulates artificial intelligence, likely reflecting its reaction to challenges seen recently in other states. Namely, the California Privacy Protection Agency recently released an update to its draft regulations which change
The Michigan Attorney General has filed a complaint against Roku, a popular TV content platform, alleging, among other things, violations of the Children’s Online Privacy Protection Act and the Video Privacy Protection Act (and a similar Michigan law). As
Montana recently revised its Genetic Information Privacy Act to address neural data. The law went into effect in 2023, and applies to both entities that offer genetic testing services as well as entities that use genetic data.
Virginia’s governor recently signed into law a bill that amends the Virginia Consumer Data Protection Act. As revised, the law will include specific provisions impacting children’s use of social media. Unless contested, the changes will take effect January 1,
The Belgian Data Protection Authority recently ruled that a Belgian government entity, FPS Finance, cannot transfer the personal data of “accidental Americans” to the IRS. According to the decision, the transfers needed to cease for several reasons.
In a landmark ruling, the Ninth Circuit expanded the application of specific personal jurisdiction principles to the realm of nationwide e-commerce. On April 21, 2025, an en banc panel issued a 10–1 decision ruling that allegations that Shopify embedded cookies
The FTC’s settlement with Cleo AI gives some indication as to what we might see from the agency in the coming months. The FTC alleged, among other things, that Cleo AI’s actions violated Section 5 of the FTC Act.
The California Privacy Protection Agency announced this month that it, along with six other states, will be forming a new group called the “Consortium of Privacy Regulators.” (The other states are Colorado, Connecticut, Delaware, Indiana, New Jersey, and Oregon.) Members
The U.S. Department of Justice (DOJ)’s new data security rule went into effect April 8, 2025. This rule requires companies to take measures to prevent U.S. sensitive personal and government-related data from falling into the hands of foreign adversaries. The
Over half of US states require annual compliance certifications from insurance providers. While the filing time frames for this year draw to a close, companies may want to keep them in mind not only for next year, but as a