Photo of David Stauss

David Stauss

 

David routinely counsels clients on complying with privacy laws such as the EU's General Data Protection Regulation, the California Consumer Privacy Act, the Colorado Privacy Act, and other state privacy laws. David is certified by the International Association of Privacy Professionals as a Privacy Law Specialist, Certified Information Privacy Professional (US and EU), Certified Information Privacy Technologist, and Fellow of Information Privacy.

Keypoint: Connecticut once again moves the needle on state privacy laws while at the same time integrating changes from other state laws.

On June 25, Connecticut Governor Lamont signed Senator James Maroney’s SB 1295 into law. The bill makes several notable changes to Connecticut’s existing consumer data privacy law, including modifying its applicability standard, exemptions, definitions, consumer rights, data minimization provisions, and children’s privacy sections. The bill also significantly modifies the law’s approach to profiling that will impact the use of artificial intelligence in some contexts.

In the below post, we provide a summary of the more notable changes. For each of the changes, we also provide the context for the change, including what the change means, its potential consequences, and how it fits into the larger landscape of state data privacy laws.

Keypoint: Last week, the Vermont Governor signed the Vermont Age-Appropriate Design Code Act into law.

Below is the twenty third weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.

Table of Contents

  1. What’s New
  2. AI Bills
  3. Bill Tracker Chart

1.

Keypoint: Last week, the Connecticut legislature passed an amendment to the state’s consumer data privacy law and bills advanced in Oregon, California, Texas, Nevada, Louisiana, and New York.

Below is the twenty second weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject

Keypoint: Last week, governors in Colorado, Oregon, Nebraska, and Texas signed bills into law while bills advanced in Maine, Oregon, Vermont, and Texas.

Below is the twenty first weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.

Table of Contents

Keypoint: Last week, Oregon and New Jersey advanced bills to amend their state’s consumer data privacy laws, California committees advanced several bills, Nebraska enacted a social media law, and Texas advanced several social media bills.

Below is the twentieth weekly update on the status of proposed state privacy legislation in 2025. As always, the contents

Keypoint: Last week, Oregon’s legislature passed a bill to amend the state’s consumer data privacy law, the Connecticut Senate passed two bills, and there were developments with bills in New Jersey, Nebraska, Texas, Massachusetts, and Louisiana.

Below is the nineteenth weekly update on the status of proposed state privacy legislation in 2025. As always, the

Keypoint: Last week, the Colorado legislature passed an amendment to the state’s data privacy law, the Texas legislature passed a bill regulating app stores, and there were developments with bills in Connecticut, Maine, New York and South Carolina.

Below is the eighteenth weekly update on the status of proposed state privacy legislation in 2025. As

KeypointIn its second non-data broker enforcement action for violations of the CCPA, the California Privacy Protection Agency entered into a stipulated final order with a retailer for a $345,178 administrative fine and other remedial measures.

On May 6, 2025, the California Privacy Protection Agency (Agency) announced its second non-data broker enforcement action, requiring a national retailer to pay a $345,178 administrative fine and implement certain remedial actions for violations of the California Consumer Privacy Act (CCPA). The Agency’s enforcement action comes just two months after its first enforcement action in which it required a vehicle manufacturer to pay a $632,500 administrative fine and implement remedial actions. It also follows remarks from the Agency’s Deputy Director of Enforcement, Michael Macko, at last month’s IAPP Global Privacy Summit indicating that the Agency is enforcing CCPA violations across a wide range of industries.

In the below post, we provide an overview of the violations and penalties.