Photo of Alexandra Scott

On April 11, the Indiana legislature passed comprehensive state privacy legislation in the form of S.B. 5. S.B. 5 shares similarities with the state privacy laws in Virginia, Connecticut, Colorado, Utah, and most recently Iowa.  If signed into law, S.B. 5 would take effect on January 1, 2026.  This blog post summarizes the statute’s key takeaways.

Continue Reading Indiana Passes Comprehensive Privacy Statute

On March 28, Governor Kim Reynolds signed into law SF 262, making Iowa the sixth state to enact a comprehensive consumer privacy law.  The new law will take effect on January 1, 2025.

As we discuss here, Iowa’s privacy law shares a number of key similarities to existing state privacy frameworks, including providing

On March 15, 2023, the Colorado Attorney General filed final rules implementing the Colorado Privacy Act (“CPA”) with the Secretary of State.  The Attorney General first released proposed draft rules on October 10, 2022 and subsequently released revised draft rules on December 21, 2022 and January 27, 2023 after public comment.  The final rules will

On March 15th, the Iowa legislature passed S.F. 262 (the “ICDPA”), making it the sixth U.S. state to pass a comprehensive state privacy statute.  The Iowa statute most closely resembles the Utah Consumer Privacy Act (“UCPA”), though it also shares some similarities with the approaches adopted in Virginia, Colorado, and Connecticut.  The statute will next go to the governor’s desk for signature.  If signed into law, the ICDPA would take effect on January 1, 2025.

Continue Reading Iowa Passes Comprehensive Privacy Statute

Recently, the Colorado Attorney General’s office posted a revised draft of the regulations implementing the Colorado Privacy Act. The revisions made a number of changes, and we highlight a few key ones below.

  • Specifying that the dark patterns provisions apply in certain circumstances only. The rules clarify that the rules governing dark patterns apply only

At the CPPA board meeting last week, the agency adopted the regulations and directed the staff to file the rulemaking package with the Office of Administrative Law (“OAL”). Before these regulations can become effective (and therefore enforceable), the OAL must complete its review of the regulations.  It has 30 working days to complete its review

As we previously discussed, the California Privacy Protection Agency (“CPPA”) recently released updated rules implementing the California Privacy Rights Act (“CPRA”). Here are some of the key changes from those rules.  While the changes are modest, they are directionally helpful in addressing some of the concerns industry raised during the rulemaking process.

Continue Reading Some Key Takeaways from The Updated CPRA Rules

On October 10, 2022 the draft rules implementing the Colorado Privacy Act (“CPA”) were officially published in the Colorado Register.  Written comments on the draft rules are due by November 7, 2022.  The CPA draft rules share some similarities with the draft rules set forth by the California Privacy Protection Agency (“CPPA”) interpreting the California Privacy Rights Act (“CPRA”).  Both sets of draft rules address requirements for privacy policy disclosures, consumer rights requests, and providing opt-out mechanisms.  However, there are a number of key differences between the two drafts. We highlight some of these below.

Continue Reading Colorado Attorney General Releases Draft CPA Rules