Maryland’s new comprehensive data privacy law, the Maryland Online Data Privacy Act, was recently signed into law by Governor Moore. This brings the total number of state “comprehensive” privacy laws to 18, five of which have been passed in 2024. Maryland’s law will take effect in 2025 along with several others. Maryland’s effective date is October 1, 2025 (after Tennessee (July 1, 2025) and before Indiana and Kentucky (January 1, 2026)). For a full list of effective dates, as well as other details of these state privacy laws, visit our resource page.Continue Reading Maryland, the Old Line State, Creates New Lines with Consumer Privacy Law

May 1 is a busy privacy day in Utah, with not only updates to the breach notification and social media platforms and minors laws going into effect, but also a new AI law, and one in the vehicle space. This last, the Utah Motor Vehicle Data Protection Act, has a narrow scope. It impacts “dealer data systems,” i.e., systems used by car dealerships to house consumer information.Continue Reading May 1 Brings Another Privacy Law to the Beehive State: The Utah Motor Vehicle Data Protection Act

The Utah legislature has been busy, with another law effective May 1. This one is “privacy adjacent” but worth keeping in mind. The law, the Artificial Intelligence Policy Act, was signed into law in March. Among other things, it will require companies to respond “clearly and conspicuously” to an individual who asks if they are interacting with artificial intelligence and the communications are made in connection with laws regulated by the Utah department of commerce. (This includes the Utah Privacy Act, the state’s sales practices law, its telephone solicitation laws, and many others.)Continue Reading Utah’s New AI Disclosure Requirements Effective May 1

Nebraska’s governor has now signed into law the state’s “comprehensive” privacy law making it the fourth one this year, and the 17th overall. It will take effect on January 1, 2025 – the same day as Delaware, Iowa, and New Hampshire. (For a round-up of all of the recent state privacy laws visit our new online resource.)Continue Reading Nebraska Fourth State to Enact Privacy Law in 2024

Earlier this month, the California Privacy Protection Agency (CPPA) issued its first-ever enforcement advisory (No. 2024-01). The advisory addresses what it calls the “foundational principle” of data minimization, and more specifically, as applied to the processing of consumer requests.Continue Reading The CPPA Signals Focus on Data Minimization and Consumer Requests

The Biden Administration recently issued an Executive Order aimed at protecting American’s sensitive information and certain US Government data from threats posed by foreign actors. Of note is the Order’s focus on data brokers that may share data in bulk with foreign entities and/or individuals.Continue Reading New Program Under Biden Executive Order to Prevent Access to American’s Sensitive Personal Data by Foreign Actors

Florida recently passed a new law and Utah recently repealed and replaced its previously enjoined law with two new bills (available here and here), which regulate minors’ access to social media platforms. The laws highlight states’ continued efforts to protect minors in the social media realm.Continue Reading Mother May I? Florida and Utah Recently Passed Regulations for Minor Use of Social Media Platforms

With the Kentucky governor recently signing into law that state’s privacy law the US now has 16 states with “comprehensive” privacy laws. This newest one will go into effect on January 1, 2026 – the same day as Indiana. It closely resembles other state privacy laws, in particular, Virginia’s privacy law. For a recap of all of the US state privacy laws and their obligations you can visit our interactive tool.Continue Reading Kentucky’s New Consumer Privacy Law: Is the Privacy Grass Greener in the Bluegrass State?

New Hampshire’s governor has signed into law the second state comprehensive privacy law of 2024. The law takes effect on January 1, 2025 – the same day as Iowa and Delaware (with New Jersey going into effect two weeks later). The law closely resembles other state privacy laws.Continue Reading New Hampshire, the Granite State, Joins Privacy Law Deluge: Sets Its Law in Stone

Earlier this month the UK privacy office put a stop to several related entities’ use of facial recognition technologies and fingerprint monitors for their employees. The UK Information Commissioner’s Office found that the companies were using the tools to monitor attendance. However, the ICO felt that the companies could have used “less intrusive technologies” -like fobs or ID cards- to accomplish the same goals. In reaching its conclusion the ICO noted that employees were allegedly not given a meaningful choice, given the “imbalance of power” between the employer and the employee. And as such employees were made to feel, the ICO believed, that clocking in and out with facial recognition/fingerprint scanning was “a requirement in order to get paid.”Continue Reading ICO Has Concerns Over Facial Recognition Use