Legislation

On April 28, the House of Representatives voted 409-2 to pass the Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act (“TAKE IT DOWN Act”), which criminalizes the publication of nonconsensual intimate visual depictions (“NCII”) and requires online platforms to establish a notice and takedown process for NCII. The Act, which previously had been passed by the Senate, now goes to the President’s desk for signature. President Trump has indicated that he intends to sign the bill into law.Continue Reading U.S. Congress Passes Bill Establishing Notice and Takedown Regime for Publication of Nonconsensual Intimate Visual Depictions

On March 5, 2025, Senators Bill Cassidy (R-LA) and Gary Peters (D-MI) introduced the federal Genomic Data Protection Act (“GDPA”).  The Senators introduced the same bill at the end of last year, but the bill stagnated, and Congress adjourned soon after.  Notably, as part of his February 2024 white paper, Senator Cassidy specifically called for the regulation of genetic data collected by direct-to-consumer genetic testing companies, pointing to several states that have enacted laws regulating these companies over the past several years.Continue Reading U.S. Senate Introduces Genomic Data Protection Act

On Tuesday, March 11, 2025, in the first Senate Judiciary subcommittee hearing of the 119th Congress, the Senate Subcommittee on Crime and Counterterrorism held a hearing entitled “Ending the Scourge: The Need for the STOP CSAM Act.”  Subcommittee Chair Senator Josh Hawley (R-MO), who convened the hearing, and Ranking Member Dick Durbin (D-IL) announced in February that they intended to reintroduce the Strengthening Transparency and Obligations to Protect Children Suffering from Abuse and Mistreatment Act orSTOP CSAM Act”, a comprehensive bill that seeks to combat the online sexual exploitation of children.  First introduced in 2023, the Act did not receive a vote on the Senate floor last Congress, despite being unanimously advanced by the Senate Judiciary Committee. Continue Reading Senate Judiciary Subcommittee Holds Hearing on the STOP CSAM Act

On February 21, 2025, Congressmen Brett Guthrie (R-KY-2) and John Joyce (R-PA-13), Chairman and Vice Chairman of the House Committee on Energy and Commerce, respectively, issued a Request for Information (“RFI”) asking stakeholders to provide comments to the newly formed data privacy working group.  Chairman Guthrie and Vice Chairman Joyce

Continue Reading Federal Congressional Comprehensive Data Privacy Working Group Issues Request for Information

On December 24, 2024, New York Governor Kathy Hochul signed into law an amendment to New York General Business Law § 899-aa modifying the state’s data breach notification requirements.  The amended law, which is effective immediately, imposes new requirements businesses must follow when providing notifications following a data breach affecting New York residents.  Specifically, businesses now must disclose data breaches affecting New York residents within thirty days from the discovery of a breach.  Additionally, the amendment adds the New York Department of Financial Services (“NYDFS”) to the list of state regulators that must be notified whenever a breach requiring notification to New York residents occurs. Continue Reading New York Adopts Amendment to the State Data Breach Notification Law

This quarterly update highlights key legislative, regulatory, and litigation developments in the third quarter of 2024 related to artificial intelligence (“AI”) and connected and automated vehicles (“CAVs”).  As noted below, some of these developments provide industry with the opportunity for participation and comment.Continue Reading U.S. Tech Legislative, Regulatory & Litigation Update – Third Quarter 2024

With three months left until the end of this year’s legislative session, the California Legislature has been considering a flurry of bills regarding artificial intelligence (AI). Notable bills, described further below, impose requirements on developers and deployers of generative AI systems. The bills contain varying definitions of AI and generative AI systems. Each of these bills has been passed by one legislative chamber, but remains under consideration in the other chamber.Continue Reading California Legislature Advances Several AI-Related Bills

Earlier this month, lawmakers released a discussion draft of a proposed federal privacy bill, the American Privacy Rights Act of 2024 (the “APRA”).  While the draft aims to introduce a comprehensive federal privacy statute for the U.S., it contains some notable provisions that could potentially affect the development and use of artificial intelligence systems.  These provisions include the following:Continue Reading Certain Provisions in the American Privacy Rights Act of 2024 Could Potentially Affect AI

On March 7, Utah repealed and replaced its Social Media Regulation Act, which had previously been challenged in a pair of lawsuits by NetChoice and the Foundation for Individual Rights and Expression.  The replacement legislation is spread across two enacted bills, SB 194 and HB 464.  SB 194 contains the bulk of the legislation’s general provisions, while HB 464 includes a private right of action for certain harms associated with a minor’s use of algorithmically curated social media. We summarize below some of the key features of the new legislation, which will go into effect on October 1, 2024.Continue Reading Utah Repeals and Replaces Social Media Regulation Act

On February 14, 2024, Nebraska enacted a genetic privacy law (LB 308) regulating direct-to-consumer (“DTC”) genetic testing companies. The law is one of a flurry of bills regarding DTC genetic testing that have been introduced in several states since the beginning of 2024, following the enactment of several DTC genetic testing laws in 2023, such as in Virginia.Continue Reading Nebraska Enacts Direct-to-Consumer Genetic Privacy Law as Several Other States Propose Similar Bills at the Start of 2024