Recent enforcement actions and announcements from the California Privacy Protection Agency (CPPA) and state Attorneys-General (AGs) in California, Colorado and Connecticut, and a California bill that passed the state legislature, signal a new phase of heightened enforcement, focused on honoring consumers’ opt out requests, including through cookie banners and the…
During a Board Meeting on July 24, 2025, the California Privacy Protection Agency (CPPA) unanimously approved the long-awaited final text of its second rulemaking package, implementing a broad swath of new requirements regarding risk assessments, automated decisionmaking technology (ADMT), and cybersecurity audits. The regulations, under the California Consumer Privacy Act (CCPA), also…
On March 7, 2025, the California Privacy Protection Agency (Agency) reached a settlement with American Honda Motor Co. (Honda) resolving allegations that the company violated the California Consumer Privacy Act (CCPA). The order required Honda to pay a $632,500 fine and implement changes to its data privacy practices. The Agency…
The Trump Administration has not slowed down in its rollout of wide-sweeping technology policy changes with potentially significant impacts to be felt throughout the country and around the globe. Personnel changes and public announcements of new priorities are the throughline of new actions crossing various sectors and agencies at the…
Introduction As the United States transitions to a new administration, federal policymaking is beginning to shift away from civil rights and other Biden-era AI governance priorities and towards AI policies focused on “out-innovating the rest of the world,” securing US technological advantage, and national security, defense, and cybersecurity. In the…
Aristotle, the Greek philosopher and polymath of the fourth century BC is known to have coined the phrase horror vacui – nature abhors a vacuum, meaning that in nature, a vacuum or a void isn’t a steady state. Fast forward 2,400 years, and the same holds true for tech regulation….
Since the passing of the California Consumer Privacy Act (CCPA) in 2018, California has led the nation in privacy regulation and enforcement. But, beginning July 1, 2024, Texas will be the new sheriff in town. On July 1, Texas’ Data Privacy and Security Act goes into effect as one of the strongest…
On February 13, 2024, New York State’s Attorney General (AG) Letitia James and the New York State Education Department (NYSED) announced a $750,000 settlement with the non-profit College Board over allegations that College Board shared and sold student personal information in violation of the state’s student privacy law, New York…
This year, Data Privacy Day, January 28, fell on a Sunday, allowing us extra time to contemplate – between NFL championship games – the top ten things to keep your eyes on in US privacy in 2024. The coming year will continue to feature a dizzying pace of developments, including…
On 21 September 2023, the UK government announced the UK Extension to the EU-US Data Privacy Framework (DPF), i.e., the US-UK data bridge (Data Bridge). The Data Bridge will go live on 12 October 2023 and will enable UK organisations to transfer personal data to organisations in the US that…