New York’s governor recently signed the Stop Addictive Feeds Exploitation (SAFE) for Kids Act. Although signed, the law will not be effective until after the New York Attorney General creates implementing regulations. The law is aimed at protecting children under 18 from social media companies’ “addictive feeds.” Addictive feeds are defined to include platforms and services that recommend content based on information from the user’s activity or device. Among other things, the law will:Continue Reading New York Law Seeks to Regulate Addictive Social Media Feeds
Privacy
Rhode Island, the Ocean State, Sails the Privacy Waves
Rhode Island’s new privacy law has now passed into law, adding to the constantly evolving US privacy law patchwork. Rhode Island becomes the 20th state to enact a “comprehensive” privacy law (this one passing by default, without governor signature). It will go into effect on January 1, 2026, the same day as Indiana and Kentucky. For a recap of all of the US state privacy laws, including their obligations and effective dates, visit our interactive tool.Continue Reading Rhode Island, the Ocean State, Sails the Privacy Waves
It’s (Almost) July 1!: Did You Remember Oregon and Texas (and Florida)’s New Privacy Laws?
As we enter into the heart of the summer there is no time to relax in privacy-land with the next batch of “comprehensive” privacy laws coming into effect on July 1. Namely, those in Texas and Oregon (and Florida if you count it as “comprehensive”). These states will join those already in effect in California, Colorado, Connecticut, Utah, and Virginia. (For a recap of effective dates and requirements, visit our tracker.)Continue Reading It’s (Almost) July 1!: Did You Remember Oregon and Texas (and Florida)’s New Privacy Laws?
Impact of Tennessee’s Cybersecurity Class Action Safe Harbor
Tennessee has joined a handful of other states to provide certain safe harbors in the cybersecurity realm. Unlike others, the law sites beside -but does not modify- the states’ data breach notification law. Also unlike others, the safe harbor is very narrowly tailored, and is not triggered by having a data security program.Continue Reading Impact of Tennessee’s Cybersecurity Class Action Safe Harbor
A Wake-Up Call for Data Privacy in the Telecom Sector
The FCC continues to take a more active role in privacy with its enforcement of the customer propriety network information (“CPNI”) regulations. Recently, the FCC released Forfeiture Orders against the three largest mobile network operators for failing to safeguard CPNI. As we wrote about in our sister blog, violating FCC CPNI rules came with the cost of $57.3 million, $46.9 million, $12.2 million, and $80.1 million in fines to AT&T, Verizon, Sprint, and T-Mobile respectively.Continue Reading A Wake-Up Call for Data Privacy in the Telecom Sector
Vermont Governor Vetoes Comprehensive Privacy Bill
Governor Phil Scott has vetoed the state’s proposed comprehensive privacy law. In rejecting the bill, he stated he was worried it created an “unnecessary and avoidable level of risk.” He had concerns in three areas.Continue Reading Vermont Governor Vetoes Comprehensive Privacy Bill
The Land of 10,000 Lakes Adds New Consumer Privacy Law: Minnesota Joins Privacy Fray
Minnesota’s governor has now signed into law that state’s comprehensive privacy law. For those keeping count – that is number 19 of state “comprehensive” privacy laws, with six in 2024 alone. The Minnesota law will go into effect on July 31, 2025, thirty days after Tennessee’s.Continue Reading The Land of 10,000 Lakes Adds New Consumer Privacy Law: Minnesota Joins Privacy Fray
The Privacy Patchwork: Beyond US State “Comprehensive” Laws
We’ve cautioned before about the danger of thinking only about US state “comprehensive” laws when looking to legal privacy and data security obligations in the United States. We’ve also mentioned that the US has a patchwork of privacy laws. That patchwork is found to a certain extent outside of the US as well. What laws exist in the patchwork that relate to a company’s activities?Continue Reading The Privacy Patchwork: Beyond US State “Comprehensive” Laws
Mid-Year Recap: Think Beyond US State Laws!
Much of the focus on US privacy has been US state laws, and the potential of a federal privacy law. This focus can lead one to forget, however, that US privacy and data security law follows a patchwork approach both at a state level and a federal level. “Comprehensive” privacy laws are thus only one piece of the puzzle. There are federal and state privacy and security laws that apply based on a company’s (1) industry (financial services, health care, telecommunications, gaming, etc.), (2) activity (making calls, sending emails, collecting information at point of purchase, etc.), and (3) the type of individual from whom information is being collected (children, students, employees, etc.). There have been developments this year in each of these areas.Continue Reading Mid-Year Recap: Think Beyond US State Laws!
FTC Finalizes Breach Notification Rule Amendments Directed at Digital Health
The FTC recently announced that it had finalized the changes to the Health Breach Notification Rule (HBNR). This is roughly one year later from when the proposed changes were first released and three years later from the Agency’s initial “position statement” on the rule sparking controversy. The final changes clarify the scope of the rule to health apps and expands what must be told to consumers when notifying them of a breach. The updated rule goes into effect June 25, 2024.Continue Reading FTC Finalizes Breach Notification Rule Amendments Directed at Digital Health