Following the approach taken by the Kentucky and Connecticut legislatures this spring, Oregon has amended its comprehensive privacy statute to implement changes to the law. Specifically, the amendment extends the statutory cure period to July 1, 2026, but this extension is limited to certain controllers. Beginning on January 1, 2026, the statute’s cure provision will only apply to controllers that are a “noncommercial educational broadcast station, as defined in 47 U.S.C. 397” and that (1) receive funding from the Corporation for Public Broadcasting and (2) distribute the entity’s journalism content without cost to recipients. Continue Reading Oregon Amends Its Comprehensive Privacy Statute
State Privacy
Texas Enacts AI Consumer Protection Law
On June 22, Texas Governor Greg Abbott (R) signed the Texas Responsible AI Governance Act (“TRAIGA”) (HB 149) into law. The law, which takes effect on January 1, 2026, makes Texas the second state to enact comprehensive AI consumer protection legislation, following the 2024 enactment of the Colorado…
Continue Reading Texas Enacts AI Consumer Protection LawConnecticut Legislature Amends Its Privacy Statute
On June 24, 2025, the Connecticut governor signed SB 1295, which amends the state’s comprehensive privacy statute, the Connecticut Data Privacy Act (“CTDPA”). SB 1295 takes effect on July 1, 2026.Continue Reading Connecticut Legislature Amends Its Privacy Statute
State Legislatures Advance Surveillance Pricing Regulations
This year, state lawmakers have introduced over a dozen bills to regulate “surveillance,” “personalized,” or “dynamic” pricing. Although many of these proposals have failed as 2025 state legislative sessions come to a close, lawmakers in New York, California, and a handful of other states are moving forward with a range…
Continue Reading State Legislatures Advance Surveillance Pricing RegulationsNew Jersey Division of Consumer Affairs Proposes Draft Regulations
On June 2, 2025, the New Jersey Division of Consumer Affairs published draft regulations to implement the New Jersey Data Protection Act, which went into effect on January 1, 2025. The draft regulations propose detailed requirements, including for privacy notices, consent, and consumer rights. Interested parties may submit written…
Continue Reading New Jersey Division of Consumer Affairs Proposes Draft RegulationsArkansas Advances Children and Teen Privacy Laws
On April 21, 2025, Arkansas Governor Sarah Huckabee Sanders signed three laws expanding privacy protections for children and teens. The Content Creation Protection Act passed the legislature and is pending signature. This blog summarizes the statutes’ key takeaways.Continue Reading Arkansas Advances Children and Teen Privacy Laws
Montana Passes Amendments to Consumer Data Privacy Act
On April 15, 2025, the Montana legislature unanimously passed Montana SB 297, a bill that would amend the Montana Consumer Data Privacy Act (“MTCDPA”) with provisions expanding online data protections for minors, narrowing the exemptions under the Gramm-Leach-Bliley Act, and removing a controller’s right to cure, among others. We outline some key provisions below.Continue Reading Montana Passes Amendments to Consumer Data Privacy Act
Utah Enacts App Store Accountability Act
On March 26, 2025, Utah Governor Spencer Cox signed into law SB 142, the App Store Accountability Act (the “Act”), enacting the country’s first state law that requires app store providers to verify the age of all users and places obligations on app developers. An “app store provider” is defined as “a person that owns, operates, or controls an app store that allows users in [Utah] to download apps onto a mobile device.” A “developer” is defined as “a person that owns or controls an app made available through the app store in the state.”
The law goes into effect on May 7, 2025, and the obligations on app store providers and developers are not effective until May 6, 2026. Some key provisions are outlined below.Continue Reading Utah Enacts App Store Accountability Act
State Attorneys General Issue Guidance On Privacy & Artificial Intelligence
Attorneys General in Oregon and Connecticut issued guidance over the holiday interpreting their authority under their state comprehensive privacy statutes and related authorities. Specifically, the Oregon Attorney General’s guidance focuses on laws relevant for artificial intelligence (“AI”), and the Connecticut Attorney General’s guidance focuses on opt-out preference signals that go into effect on January 1, 2025 in the state.Continue Reading State Attorneys General Issue Guidance On Privacy & Artificial Intelligence
Illinois Federal Court Rules BIPA Single-Violation Amendment Applies Retroactively
In a new post on the Inside Class Actions blog, our colleagues discuss a new Illinois federal court decision, Gregg v. Cent. Transp. LLC, 2024 WL 4766297, at *3 (N.D. Ill. Nov. 13, 2024), which holds that the state’s recent amendment to its Biometric Information Privacy Act capping…
Continue Reading Illinois Federal Court Rules BIPA Single-Violation Amendment Applies Retroactively