Indiana, Kentucky, and Rhode Island rang in the new year with their comprehensive privacy laws taking effect on January 1, 2026. Almost half of US states now have these fairly similar laws in place. Nuances exist from jurisdiction to jurisdiction, making it more relevant than ever to have an adaptive approach to privacy compliance.
Continue Reading: Three States, One Date: Ringing in the New Year with Indiana, Kentucky, and Rhode Island

In a recent webinar, we gave practical recommendations for those non-US companies who are looking to expand their US operations. We are thrilled to announce publication of a white paper, which summarizes the recommendations from our webinar. In it, we provide an overview of the US’s patchwork approach to regulating privacy.
Continue Reading: Top Tips for Non-US Companies to Address US Privacy Laws

The Southern District of California recently reminded companies that it has concerns about steps to take to make online terms binding. The case arose from a putative class action over alleged false pricing practices brought against Maggy London International Ltd., an online clothing retailer.
Continue Reading: Are Your Online Terms Enforceable?: Lessons from California

The Consortium of Privacy Regulators is growing. Meanwhile, CalPrivacy has announced a new program, a data broker “strike force.”
Continue Reading: State Privacy Action Grows: Consortium Expands, California Launches Data Broker Strike Force

California has set what may be an emerging trend with AB 45, restricting collection and use of personal information collected near family planning facilities. The law was signed recently by Governor Newsom and is set to go into effect January 1, 2027. It provides for a penalty of $25,000 per violation.
Continue Reading: Keep Out! California Draws the Privacy Fence Around Health Data

If you thought social media needed a warning label, many state regulators agree. California recently passed a new warning label law, which will take effect on January 1, 2027. That is, unless it is challenged. Meanwhile, Colorado is fighting to keep alive a similar law following a NetChoice challenge. Other states (like Arkansas, California, Florida, Utah, Maryland, Mississippi, Ohio, and Texas) have not been successful, seeing similar laws stopped on First Amendment grounds.
Continue Reading: Warning! States Continue to Worry About Social Media and Teens

California is getting serious about age checks online, and businesses should pay attention. Thanks to the passage of AB 1043, starting January 1, 2027, software makers and app stores will need to know the user’s age (or at least their age bracket) and signal it to apps every time a download or launch happens. For businesses that may be unclear whether COPPA or CCPA’s provisions for teenagers apply to their app, this law is aimed at clarifying that ambiguity.
Continue Reading: “How Old Are You, Anyway?” California’s New Law Makes Apps Ask… And Remember!

Companies are becoming increasingly concerned about being viewed as “selling” personal data. In the midst of these worries, California’s governor signed SB 361, which will change the California Delete Act starting January 1, 2026. The law applies to those who sell personal information about consumers with whom they do not have a direct relationship. For covered entities, the amendment will add to compliance complexities.
Continue Reading: California Continues to Expand Data Broker Requirements

Many courts have held that information gathered by video-related pixels is not “personal” for purposes of the Video Privacy Protection Act. Nevertheless, plaintiff class action attorneys continue to file these VPPA actions in federal court.
Continue Reading: Behind the Pixel: Not Always Personal Information Under VPPA

Will a final rule issued by the Department of Defense on September 10, 2025 (available here) cause companies to rethink their compliance approach? The rule – relating to the Cybersecurity Maturity Model Certification program or CMMC – will impact how defense contractors engage with the Department of Defense. (We wrote previously (here) about the separate, but related, CMMC rule that addressed substantive CMMC program requirements.)
Continue Reading: Leveling Up: Will CMMC Contract Obligations Impact Your Organization?

For those keeping track of the growing list of US state “comprehensive” privacy laws, you know that the Maryland law (the Maryland Online Data Privacy Act or MODPA) went into effect on October 1st. This rounds us out for US state privacy laws in 2025, bringing the total to 17 (or 16, if you discount Florida). Next up will be Indiana, Kentucky, and Rhode Island (all on January 1, 2026).
Continue Reading: 2025 Brought Us Eight US “Comprehensive” Privacy Laws, What’s Next?