US Privacy

Subscribe to US Privacy via RSS

Companies can take many lessons from the FTC’s recent COPPA settlement with a robot app from the toy manufacturer Apitor Technologies. According to the FTC complaint, the app allegedly allowed a Chinese entity to collect and share children’s geolocation information without parental consent – violating COPPA. In particular, children could use the app to program their robots, but to do so, they needed to enable location permissions. Once enabled, a third party SDK (JPush), developed by Chinese-based entity Jiguang, would send the child’s location to that entity’s Chinese-based servers.Continue Reading What Can We Learn from This Administration’s FTC COPPA Settlement

Now is the time that many are putting together their 2026 budgets and considering how much to allocate next year to address the constantly evolving privacy and data security landscape. In the last article in this series we looked at three change management tools that can help effectuate privacy compliance. Here are three more, and things to consider -and potentially budget for- in the new year.Continue Reading More Privacy Compliance Considerations for the 2026 Budget Process

Today’s compliance landscape is more crowded—and more complex—than ever. As the pace of regulatory change accelerates, companies need to find effective paths forward. As I detailed in a Law360 article from earlier this year, change management tools can help. Here are three areas to consider as you begin to think about your compliance plans (and budget) for 2026.Continue Reading Setting Your Privacy Compliance Strategy in Advance of the 2026 Budget Process

Starting January 1, 2026, health care practitioners in Texas are required to store electronic health records in the United States under a new Act. It applies to all records- regardless of the date on which the record was first prepared. his requirement is found in a recently enacted law that also includes requirements for practitioner’s AI use.Continue Reading New Texas Law Requires Storage of Electronic Health Records in U.S.

Connecticut has revised its privacy law for the third time since it was passed in 2022. With SB 1295, the state has mirrored others (like Colorado and Montana) in making ongoing changes to its law. Many of the changes incorporate either in concept, or wholesale, provisions that exist in other states. Connecticut makes these changes following 2024 and 2025 AG reports, which reports included recommendations to lawmakers, some of which ended up in SB 1295. Continue Reading Connecticut, the Provisions State, Adds New Provisions to its Privacy Law

Texas is getting into the AI action, with a new law (the Texas Responsible Artificial Intelligence Governance Act) that will place restrictions not only on AI use by government agencies, but businesses as well. In particular, it will apply to businesses (a) operating in Texas, (b) those that have products or services used by those in the state, or (c) those that develop or deploy AI systems in Texas. The requirements of the law will take effect January 1, 2026. Some things for companies to keep in mind about the law’s requirements:Continue Reading Countdown to 2026: What Will the Texas AI Law Mean for Businesses?

Minnesota has a new law that, beginning a year from now, will require that social media companies warn users of the potential negative mental health effects of social media use each time a user accesses a social media platform. The warning label will need to include specific content, including information about mental health resources (like the national suicide prevention and mental health crisis hotline). The law also specifically prohibits including “extraneous information” in the warning label. It must be on-screen (not in a company’s website terms) and remain on screen until the user either acknowledges and agrees to it, or leaves the site.Continue Reading Minnesota May Be First to Require Social Media Warning Label

Oregon will begin to regulate the use of minors’ information and sale of users’ location data (regardless of age) with an update to its Oregon Consumer Privacy Act. These revisions will go into effect January 1, 2026. As amended, those subject to the law will not be able to profile or serve targeted advertising to anyone under 16. This includes both those the company knows are under that age, as well as those that they should know are under that age. (Currently, restriction that applies to consumers that are at least thirteen but not older than fifteen without their consent.)Continue Reading Oregon’s Privacy Law Update Adds to Patchwork Approach to Minors and Location Data

The US “comprehensive” law landscape continues to expand, with two more states—Tennessee (July 1) and Minnesota (July 31) —joining the “comprehensive” privacy law club. Five of these -Delaware, Iowa, Nebraska, New Hampshire, and New Jersey- took effect in January. As the patchwork of state-level “comprehensive” privacy laws expands, what should business keep in mind? As outlined below, perhaps the biggest takeaway is that the laws add to a patchwork, one which consists of many overlapping requirements. Here are a few highlights from these two latest laws:Continue Reading US Privacy Footprint Continues to Expand: Tennessee and Minnesota Join the State Law Club