Utah Privacy

Subscribe to Utah Privacy via RSS

Virginia’s Governor, Glenn Youngkin, vetoed a bill this week that would have regulated “high-risk” artificial intelligence systems. HB 2094, which narrowly passed the state legislature, aimed to implement regulatory measures akin to those established by last year’s Colorado AI Act. At the same time, Colorado’s AI Impact Task Force issued concerns about the Colorado law, which may thus undergo modifications before its February 2026 effective date. And in Texas, a proposed Texas Responsible AI Governance Act was recently modified.Continue Reading US State AI Legislation: Virginia Vetoes, Colorado (Re)Considers, and Texas Transforms

Utah’s governor recently signed the first law which puts age restrictions on app downloads. The law (the App Store Accountability Act, SB 142), was signed yesterday (Wednesday, March 26, 2025). We anticipate that the law may be challenged, similar to NetChoice’s challenge to the Utah Social Media Regulation Act and other similar state laws.Continue Reading Utah Pioneers App Store Age Limits

Much of the focus on US privacy has been US state laws, and the potential of a federal privacy law. This focus can lead one to forget, however, that US privacy and data security law follows a patchwork approach both at a state level and a federal level. “Comprehensive” privacy laws are thus only one piece of the puzzle. There are federal and state privacy and security laws that apply based on a company’s (1) industry (financial services, health care, telecommunications, gaming, etc.), (2) activity (making calls, sending emails, collecting information at point of purchase, etc.), and (3) the type of individual from whom information is being collected (children, students, employees, etc.). There have been developments this year in each of these areas.Continue Reading Mid-Year Recap: Think Beyond US State Laws!

May 1 is a busy privacy day in Utah, with not only updates to the breach notification and social media platforms and minors laws going into effect, but also a new AI law, and one in the vehicle space. This last, the Utah Motor Vehicle Data Protection Act, has a narrow scope. It impacts “dealer data systems,” i.e., systems used by car dealerships to house consumer information.Continue Reading May 1 Brings Another Privacy Law to the Beehive State: The Utah Motor Vehicle Data Protection Act

The Utah legislature has been busy, with another law effective May 1. This one is “privacy adjacent” but worth keeping in mind. The law, the Artificial Intelligence Policy Act, was signed into law in March. Among other things, it will require companies to respond “clearly and conspicuously” to an individual who asks if they are interacting with artificial intelligence and the communications are made in connection with laws regulated by the Utah department of commerce. (This includes the Utah Privacy Act, the state’s sales practices law, its telephone solicitation laws, and many others.)Continue Reading Utah’s New AI Disclosure Requirements Effective May 1

Florida recently passed a new law and Utah recently repealed and replaced its previously enjoined law with two new bills (available here and here), which regulate minors’ access to social media platforms. The laws highlight states’ continued efforts to protect minors in the social media realm.Continue Reading Mother May I? Florida and Utah Recently Passed Regulations for Minor Use of Social Media Platforms

This year has been active on the state “comprehensive” privacy law front. Seven states passed new laws in 2023 (Delaware, Iowa, Indiana, Tennessee, Montana, Florida, and Oregon). These states joined California, Connecticut, Colorado, and Virginia with laws already in effect. Soon, Utah will join the “active” law list when its privacy law comes into effect on December 31.Continue Reading Closing Out 2023 with Utah’s Privacy Law

It’s been a busy summer for US state privacy laws, and companies now need to keep track of a growing list of requirements from these laws. These include many we have written about in the past, including notice, vendor contract provisions, and offering consumers rights and choices. The laws also impose certain record keeping requirements, which we discuss here.Continue Reading The Comprehensive Privacy Law Deluge: Record-Keeping and Related Requirements

When thinking about privacy notice obligations, companies often -incorrectly- leap to the wording in their privacy policies. The new comprehensive state privacy laws are a reminder that notice obligations are a bit broader than mere privacy policies. To the extent that these laws apply to your organization (see our prior applicability post) there are some notice-related obligations to keep in mind.Continue Reading The Comprehensive Privacy Law Deluge: Approaching Notice Obligations

Of the many worries on privacy compliance teams’ lists as we face the onslaught of state “general” privacy laws are the impacts they have on vendor contracts. Fortunately for those who have already had to deal with contracts with vendors (service providers, processors) in California or EU’s GDPR, the impact should be fairly minimal.Continue Reading The Comprehensive Privacy Law Deluge: Updating Vendor Contracts