A new lawsuit filed by the Texas Attorney General against Roblox has brought privacy, safety, and data handling into the spotlight for online platforms, especially those used by kids and teens. The allegations followed concerns raised by advocacy groups in 2024 and suggest that Texas will continue to be active in the privacy space.Continue Reading Texas Sets Sights on Roblox
Starting January 1, 2026, health care practitioners in Texas are required to store electronic health records in the United States under a new Act. It applies to all records- regardless of the date on which the record was first prepared. his requirement is found in a recently enacted law that also includes requirements for practitioner’s AI use.Continue Reading New Texas Law Requires Storage of Electronic Health Records in U.S.
Texas recently enacted a pair of laws aimed at AI governance in the public sector and in healthcare. Starting September 1, 2025, there will be statutory authorization for health care practitioners (HCPs) in Texas to use AI for care-related purposes. This includes a practitioner’s ability to develop courses of treatment and to diagnose patients.Continue Reading New Texas Law Permits Use of AI In Health Care
Texas is getting into the AI action, with a new law (the Texas Responsible Artificial Intelligence Governance Act) that will place restrictions not only on AI use by government agencies, but businesses as well. In particular, it will apply to businesses (a) operating in Texas, (b) those that have products or services used by those in the state, or (c) those that develop or deploy AI systems in Texas. The requirements of the law will take effect January 1, 2026. Some things for companies to keep in mind about the law’s requirements:Continue Reading Countdown to 2026: What Will the Texas AI Law Mean for Businesses?
Virginia’s Governor, Glenn Youngkin, vetoed a bill this week that would have regulated “high-risk” artificial intelligence systems. HB 2094, which narrowly passed the state legislature, aimed to implement regulatory measures akin to those established by last year’s Colorado AI Act. At the same time, Colorado’s AI Impact Task Force issued concerns about the Colorado law, which may thus undergo modifications before its February 2026 effective date. And in Texas, a proposed Texas Responsible AI Governance Act was recently modified.Continue Reading US State AI Legislation: Virginia Vetoes, Colorado (Re)Considers, and Texas Transforms
As we enter into the heart of the summer there is no time to relax in privacy-land with the next batch of “comprehensive” privacy laws coming into effect on July 1. Namely, those in Texas and Oregon (and Florida if you count it as “comprehensive”). These states will join those already in effect in California, Colorado, Connecticut, Utah, and Virginia. (For a recap of effective dates and requirements, visit our tracker.)Continue Reading It’s (Almost) July 1!: Did You Remember Oregon and Texas (and Florida)’s New Privacy Laws?
Both Texas and Oregon recently adopted rules that will, among other things, implement a registry required by both states’ data broker laws. The Texas law went into effect September 1, 2023, and the Oregon law will go into effect January 1, 2024. Both are similar to laws in Vermont and California.Continue Reading Data Broker Rulemaking in Texas and Oregon
It’s been a busy summer for US state privacy laws, and companies now need to keep track of a growing list of requirements from these laws. These include many we have written about in the past, including notice, vendor contract provisions, and offering consumers rights and choices. The laws also impose certain record keeping requirements, which we discuss here.Continue Reading The Comprehensive Privacy Law Deluge: Record-Keeping and Related Requirements
Texas has joined Arkansas and Utah as the third state to impose requirements on social media accounts for those under 18. Namely, with the Securing Children Online through Parental Empowerment Act (“SCOPE Act”), Texas will place requirements on “digital service providers.” The law goes into effect September 1, 2024. It does not provide for a private right of action. Instead, enforcement will be by the Texas attorney general.Continue Reading Texas’ SCOPE Act Puts Focus on Social Media and Minors
When thinking about privacy notice obligations, companies often -incorrectly- leap to the wording in their privacy policies. The new comprehensive state privacy laws are a reminder that notice obligations are a bit broader than mere privacy policies. To the extent that these laws apply to your organization (see our prior applicability post) there are some notice-related obligations to keep in mind.Continue Reading The Comprehensive Privacy Law Deluge: Approaching Notice Obligations
Of the many worries on privacy compliance teams’ lists as we face the onslaught of state “general” privacy laws are the impacts they have on vendor contracts. Fortunately for those who have already had to deal with contracts with vendors (service providers, processors) in California or EU’s GDPR, the impact should be fairly minimal.Continue Reading The Comprehensive Privacy Law Deluge: Updating Vendor Contracts