The Ninth Circuit continued the pause on California’s SB 976 (Protecting Our Kids from Social Media Addiction Act) as of late January 2025. The law was signed by Governor Newsom in September 2024, and challenged by NetChoice shortly thereafter.Continue Reading California’s Kids’ Social Media Law Wrangling Continues, and Maryland Too!

Following a German case brought against the EU Commission, the EU General Court found that the Commission had made an improper transfer of personal information to the US. The plaintiff, a German citizen, alleged (among other things) that his information was sent through the EU Commission’s website to the US through an automated social media login option when he registered for a Commission event. He further alleged that this violated the government-agency equivalent of GDPR (EUDPR), as it occurred during a period in time when the Privacy Shield had been found inadequate, and the replacement program was not yet in place.Continue Reading EU Fines EU?!: Alleged Unlawful Data-Transfer Dust-Up

At the end of 2024 the Italian Data Protection Authority issued a 15 million euro fine in the first generative AI-related case brought under GDPR. According to Garante (the Italian authority), OpenAI trained ChatGPT with users’ personal data without first identifying a proper legal basis for the activity, as required under GDPR. The Order also alleges that OpenAI failed to notify Garante about a data breach the company experienced in March 2023. Additionally, the Order states that OpenAI did not provide proper age verification mechanisms for users under age 13. Continue Reading Don’t Forget the EU: Italy Issued First GenAI Fine of €15 Million Alleging GDPR Violations 

The Colorado AG’s office adopted draft amendments to the Colorado Privacy Act rules last month. The adopted draft reflected input from the public to AG’s September 2024 version and addresses three key issues. First, on opinion letters and interpretive guidance from the AG. Second, changes resulting from the passage of a bill related to biometric (HB 24-1130) data. And third, a bill related to children’s (SB 24-041) privacy. (Both of which amend Colorado’s privacy law.)Continue Reading Colorado Rolls Out Updated Privacy Rules Ahead of 2025 CPA Amendments

New York has a new AI-related law which took effect January 1. The law regulates creation and use of digital replicas of an individual’s voice or likeness and is similar to those in California and Tennessee.Continue Reading New Year, New Protections for New York Artists and AI-Generated Replicas

As 2024 came to a close, New York Gov. Hochul signed two bills (A8872A and S2376B) amending New York’s data breach law. The modifications change both what constitutes personal information under the law, as well as modifying notification timing. The notice modification is now in effect; the change to the definition of personal information does not take effect until March 21, 2025.Continue Reading New York Modifies Data Breach Law Heading Into 2025

The Federal Trade Commission recently settled complaints against two data brokers over their handling of consumers’ sensitive location information. The agency alleged that such practices constitute unfair practices. Under the settlement, both Gravy Analytics and Mobilewalla, agreed to stop using and selling sensitive consumer location data.Continue Reading FTC Keeps Sights on Data Brokers that Sell Sensitive Location Sites

For those who send marketing texts, keep in mind the FCC one-to-one consent rule update. It has been getting some publicity, and takes effect January 27, 2025. As most are aware, TCPA requires getting consent before sending certain automated texts. For automated marketing texts, prior express written (i.e. signed) consent is needed.Continue Reading FCC’s One-To-One Consent Rule Takes Effect in January

Are you ready for the next set of US state privacy laws going into effect? Delaware, Iowa, Nebraska, and New Hampshire are effective January 1, and New Jersey’s law go into effect two weeks later (January 15).Continue Reading Coming to a State Near You: 5 State Privacy Laws Take Effect in January 2025

In the waning months of the current administration, the White House issued a memo setting forth actions focused on national security as directed in the AI Executive Order from last year. As a reminder, the order -while directed to government agencies- also had impacts on how businesses use of artificial intelligence.Continue Reading ‘All Hands on Deck’ – White House Continues to Call on Agencies for AI National Security Plan