Keypoint: It was a busy week with the Kentucky legislature passing a bill to amend the state’s consumer data privacy law, bills crossing chambers in Vermont, Washington and Arkansas, and movement with bills in numerous other states.
Below is the tenth weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.
Keypoint: The California Privacy Protection Agency settled its first non-data broker enforcement action with a $632,500 fine and other remedial measures.
On March 12, 2025, the California Privacy Protection Agency (Agency) announced its first non-data broker enforcement action requiring a vehicle manufacturer to pay an administrative fine of $632,500 in connection with the Agency’s review of connected vehicle manufacturers and related technologies’ privacy practices. The manufacturer also agreed to implement certain remedial actions.
In the below post, we provide an overview of the alleged violations and the penalties.
Keypoint: Last week, the Utah legislature passed two bills prior to closing while Georgia’s Senate passed a consumer data privacy bill and the Arizona House passed a social media bill.
Below is the ninth weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.
Keypoint: Last week, consumer data privacy amendment bills crossed chambers in Montana and Kentucky, a social media bill crossed chambers in Colorado, and there were movements with numerous other bills.
Below is the eighth weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.
Keypoint: Last week, the Virginia legislature passed a VCDPA amendment, kid’s privacy bills crossed chambers in South Carolina and Utah, and lawmakers continued to introduce new bills on various topics.
Below is the seventh weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.
Keypoint: Last week saw a flurry of activity across numerous states, including bills advancing in Virginia, Oklahoma, Washington, Utah, and South Carolina, while lawmakers continued to introduce bills across the country.
Below is the sixth weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.
Keypoint: It was a very active week with movement on numerous bills, in particular in Virginia, as well as new bills introduced across the country.
Below is the fifth weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.
Keypoint: It was another busy week with Virginia lawmakers advancing three bills and new consumer and children’s privacy bills introduced in multiple states.
Below is the fourth weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.
Keypoint: The New York legislature passes broad and restrictive health data privacy legislation with implications for businesses both within and outside New York.
Last week, the New York legislature passed the New York Health Information Privacy Act (S 929) (the “Act”). If signed into law, the Act will add New York to the list of states that have enacted consumer health data-specific privacy legislation in response to the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization.
Although the Act is not a clone of Washington’s My Health My Data Act (“MHMD”), it follows many of the same themes: regulating health data beyond the state’s borders, utilizing a broad definition of health data, and imposing additional obligations and narrower exemptions than those seen in generally applicable consumer privacy legislation.
Below, we provide a summary of the Act and identify some of the unique challenges it poses for affected companies.
Keypoint: New York lawmakers passed a consumer health bill while lawmakers in numerous other states continue to introduce consumer data privacy, children’s privacy, and data broker bills.
Below is the third weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.