State Privacy

On October 30, 2025, California Attorney General Bonta announced a $530,000 settlement related to allegations that Sling TV, an internet-based live TV service, violated the California Consumer Privacy Act (“CCPA”) and the California Unfair Competition Law. This is the first enforcement action arising from the California Department of Justice’s (“DOJ”) investigative sweep of streaming services and connected TVs, which was announced in January 2024.Continue Reading California Attorney General Announces $530,000 CCPA Settlement with Sling TV

On September 23, 2025, the California Privacy Protection Agency announced that the state’s Office of Administrative Law approved regulations that update existing California Consumer Privacy Act (“CCPA”) regulations and introduce new regulations covering cybersecurity audits, risk assessments, and automated decision-making technology.  The updates to the existing regulations—which take effect on January 1, 2026—expand business obligations under the CCPA and give consumers more control over their personal information.  This blog post highlights key updates to the existing regulations. Continue Reading California Finalizes Updates to Existing CCPA Regulations

Recently, California Governor Gavin Newsom signed into law several privacy and related proposals, including new laws governing browser opt-out preference signals, social media account deletion, data brokers, reproductive and health services, age signals for app stores, social media “black box warning” labels for minors, and companion chatbots. This blog summarizes

Continue Reading California Enacts New Privacy Laws

On September 30, 2025, the California Privacy Protection Agency (“Agency”) announced a decision and $1.35 million fine to resolve allegations that Tractor Supply Co. (“Tractor Supply”) violated the California Consumer Privacy Act (“CCPA”). The settlement comes after the Agency filed a petition to enforce an investigative subpoena against Tractor Supply. In addition to imposing the Agency’s largest fine to date, the settlement also marks the Agency’s first enforcement action related to job applicant personal data. Similar to the enforcement actions against American Honda Motor Co., Inc. and Todd Snyder, Inc., the Agency continues to focus on how businesses facilitate consumer rights under the CCPA.Continue Reading California Privacy Agency Fines Tractor Supply $1.35 Million Over CCPA Violations

The California Civil Rights Council and the California Privacy Protection Agency have recently passed regulations that impose requirements on employers who use “automated-decision systems” or “automated decisionmaking technology,” respectively, in employment decisions or certain HR processes. On the legislative side, the California Legislature passed SB 7, which would impose

Continue Reading Navigating California’s New and Emerging AI Employment Regulations

On August 29, the Oregon Department of Justice (DOJ) issued an enforcement report and press release covering its first year of enforcement of the Oregon Consumer Privacy Act (OCPA).  The OCPA took effect on July 1, 2024, and the cure period sunsets on January 1, 2026.  We previously summarized some of requirements in the OCPA here.  This blog summarizes notable takeaways from the enforcement report.Continue Reading Oregon DOJ Publishes Enforcement Report on the Oregon Consumer Privacy Act

Following the approach taken by the Kentucky and Connecticut legislatures this spring, Oregon has amended its comprehensive privacy statute to implement changes to the law.  Specifically, the amendment extends the statutory cure period to July 1, 2026, but this extension is limited to certain controllers.  Beginning on January 1, 2026, the statute’s cure provision will only apply to controllers that are a “noncommercial educational broadcast station, as defined in 47 U.S.C. 397” and that (1) receive funding from the Corporation for Public Broadcasting and (2) distribute the entity’s journalism content without cost to recipients.   Continue Reading Oregon Amends Its Comprehensive Privacy Statute

On June 22, Texas Governor Greg Abbott (R) signed the Texas Responsible AI Governance Act (“TRAIGA”) (HB 149) into law.  The law, which takes effect on January 1, 2026, makes Texas the second state to enact comprehensive AI consumer protection legislation, following the 2024 enactment of the Colorado

Continue Reading Texas Enacts AI Consumer Protection Law

This year, state lawmakers have introduced over a dozen bills to regulate “surveillance,” “personalized,” or “dynamic” pricing.  Although many of these proposals have failed as 2025 state legislative sessions come to a close, lawmakers in New York, California, and a handful of other states are moving forward with a range

Continue Reading State Legislatures Advance Surveillance Pricing Regulations