State Privacy

On June 2, 2025, the New Jersey Division of Consumer Affairs published draft regulations to implement the New Jersey Data Protection Act, which went into effect on January 1, 2025. The draft regulations propose detailed requirements, including for privacy notices, consent, and consumer rights. Interested parties may submit written

Continue Reading New Jersey Division of Consumer Affairs Proposes Draft Regulations

On April 15, 2025, the Montana legislature unanimously passed Montana SB 297, a bill that would amend the Montana Consumer Data Privacy Act (“MTCDPA”) with provisions expanding online data protections for minors, narrowing the exemptions under the Gramm-Leach-Bliley Act, and removing a controller’s right to cure, among others.  We outline some key provisions below.Continue Reading Montana Passes Amendments to Consumer Data Privacy Act

On March 26, 2025, Utah Governor Spencer Cox signed into law SB 142, the App Store Accountability Act (the “Act”), enacting the country’s first state law that requires app store providers to verify the age of all users and places obligations on app developers. An “app store provider” is defined as “a person that owns, operates, or controls an app store that allows users in [Utah] to download apps onto a mobile device.” A “developer” is defined as “a person that owns or controls an app made available through the app store in the state.”

The law goes into effect on May 7, 2025, and the obligations on app store providers and developers are not effective until May 6, 2026. Some key provisions are outlined below.Continue Reading Utah Enacts App Store Accountability Act

Attorneys General in Oregon and Connecticut issued guidance over the holiday interpreting their authority under their state comprehensive privacy statutes and related authorities.  Specifically, the Oregon Attorney General’s guidance focuses on laws relevant for artificial intelligence (“AI”), and the Connecticut Attorney General’s guidance focuses on opt-out preference signals that go into effect on January 1, 2025 in the state.Continue Reading State Attorneys General Issue Guidance On Privacy & Artificial Intelligence

In a new post on the Inside Class Actions blog, our colleagues discuss a new Illinois federal court decision, Gregg v. Cent. Transp. LLC, 2024 WL 4766297, at *3 (N.D. Ill. Nov. 13, 2024), which holds that the state’s recent amendment to its Biometric Information Privacy Act capping

Continue Reading Illinois Federal Court Rules BIPA Single-Violation Amendment Applies Retroactively

On August 2, 2024, Illinois’ governor signed into law S.B. 2979, a significant amendment to the Illinois Biometric Information Privacy Act (BIPA). The law states that an entity that, in more than one instance, obtains the same biometric identifier or biometric information from the same person using the same method of collection in violation of BIPA’s notice and consent requirement has committed a single violation. As a result, each aggrieved person is entitled to, at most, one recovery for a single collective violation.Continue Reading Illinois Enacts BIPA Amendment Limiting Violation Accrual

On June 18, 2024, Louisiana enacted HB 577, prohibiting “social media platforms” with more than 1 million users globally from displaying targeted advertising to Louisiana users that the platform has actual knowledge are under 18 years of age and from selling the sensitive personal data of such users. The law amends the effective date of the state social media law, the Louisiana Secure Online Child Interaction and Age Limitation Act (“the SOCIAL Act”), to July 1, 2025. HB 577 also will take effect on July 1, 2025. This post summarizes the law’s key provisions.Continue Reading Louisiana Bans Targeted Advertising to Minors on Social Media Platforms

On June 6, the Texas Attorney General published a news release announcing that the Attorney General has opened an investigation into several car manufacturers.  The news release states that the investigation was opened “after widespread reporting that [car manufacturers] have secretly been collecting mass amounts of data about drivers directly

Continue Reading Texas Attorney General Opens Investigation into Car Manufacturers’ Collection and Sale of Drivers’ Data