On March 7, Utah repealed and replaced its Social Media Regulation Act, which had previously been challenged in a pair of lawsuits by NetChoice and the Foundation for Individual Rights and Expression. The replacement legislation is spread across two enacted bills, SB 194 and HB 464. SB 194 contains the bulk of the legislation’s general provisions, while HB 464 includes a private right of action for certain harms associated with a minor’s use of algorithmically curated social media. We summarize below some of the key features of the new legislation, which will go into effect on October 1, 2024.Continue Reading Utah Repeals and Replaces Social Media Regulation Act

John Bowers
John Bowers is an associate in the firm’s Washington, DC office. He is a member of the Data Privacy and Cybersecurity Practice Group and the Technology and Communications Regulation Practice Group.
John advises clients on a wide range of privacy and communications issues, including compliance with telecommunications regulations and U.S. state and federal privacy laws.
OMB Publishes Request for Information on Agency Privacy Impact Assessments
On January 30, 2024, the U.S. Office of Management and Budget (OMB) published a request for information (RFI) soliciting public input on how agencies can be more effective in their use of privacy impact assessments (PIAs) to mitigate privacy risks, including those “exacerbated by artificial intelligence (AI).” The RFI notes that federal agencies may develop or procure AI-enabled systems from the private sector that are developed or tested using personal identifiable information (PII), or systems that process or use PII in their operation. Among other things, the RFI seeks comment on the risks “specific to the training, evaluation, or use of AI and AI-enabled systems” that agencies should consider in conducting PIAs of those systems. Continue Reading OMB Publishes Request for Information on Agency Privacy Impact Assessments
New Jersey and New Hampshire Pass Comprehensive Privacy Legislation
New Jersey and New Hampshire are the latest states to pass comprehensive privacy legislation, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Oregon, Texas, Florida, and Delaware. Below is a summary of key takeaways. Continue Reading New Jersey and New Hampshire Pass Comprehensive Privacy Legislation
California Privacy Protection Agency Votes to Advance Legislation Requiring Certain Browsers to Support Opt-Out Preference Signals
At its December 8 board meeting, the California Privacy Protection Agency (“CPPA”) voted to advance a legislative proposal that would require vendors of web browsers to include a feature that would allow consumers to exercise data subject rights through opt-out preference signals. Regulations promulgated under the California Consumer Privacy Act…
Continue Reading California Privacy Protection Agency Votes to Advance Legislation Requiring Certain Browsers to Support Opt-Out Preference SignalsCPPA Releases Draft Risk Assessment Regulations
Ahead of its December 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft risk assessment regulations. The CPPA has yet to initiate the formal rulemaking process and has stated that it expects to begin formal rulemaking next year, at which time it will also consider draft regulations covering “automated decisionmaking technology” (ADMT), cybersecurity audits, and revisions to existing regulations. Accordingly, the draft risk assessment regulations are subject to change. Below are the key takeaways:Continue Reading CPPA Releases Draft Risk Assessment Regulations