Update your bookmark, we just released our 2025 State Privacy Law Tracker.
For the fifth year in a row, we will be tracking state consumer data privacy legislation on our tracker map and through weekly updates posted on this blog. If you are not already subscribed to our blog, consider doing so.
Keypoint: In our second weekly update for 2025, we are tracking new bills filed in Arkansas, Hawaii, Illinois, Massachusetts, Missouri, Nebraska, New Jersey, New York, Oklahoma, South Carolina, Texas, and Virginia.
Below is the second weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.
Keypoint: Texas files its first lawsuit enforcing its new state consumer data privacy law.
On January 13, 2025, Texas Attorney General’s Office filed its first lawsuit enforcing the Texas Data Privacy and Security Act (“TDPSA”). The law went into effect on July 1, 2024. The complaint also states claims under Texas’ data broker law and insurance code.
In the below post, we provide a brief summary of the complaint, including the factual allegations, causes of actions, and damages sought.
Keypoint: The 2025 state legislative cycle begins with lawmakers introducing twenty-three bills, including five state consumer data privacy bills.
We are back for our sixth year of tracking proposed state privacy legislation and fifth year of providing weekly updates. As in past years, we will track proposed state privacy legislation through these weekly updates and our forthcoming state privacy law tracker map.
In this year’s weekly updates, we will continue to track proposed bills concerning consumer data, children’s data, biometric data, consumer health data, and data brokers.
With the explosion of AI-related state bills (nearly 500 bills filed last year) and the significant resources necessary to track those bills, we have moved our coverage of those bills to a separate paid weekly newsletter – Byte Back AI. In Part 2, below, we provide more information on this week’s newsletter, which includes updates on dozens of new bills introduced last week and a summary of a new algorithmic discrimination bill with a private right of action.
We also made one structural change to our bill tracker charts this year. We combined our various tracker charts into a single chart and added a column identifying the bill’s category.
Now to our first weekly update. As always, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.
Welcome to the second edition of Byte Back AI, a weekly newsletter providing updates on proposed state AI bills and regulations, an AI bill tracker chart, summaries of important AI hearings, and special features. Starting January 6, 2025, Byte Back AI will be available only to paid subscribers. For more information on subscriptions, please click here.
As always, the contents provided below are time-sensitive and subject to change.
Welcome to the first edition of Byte Back AI, a weekly newsletter providing updates on proposed state AI bills and regulations, an AI bill tracker chart, summaries of important AI hearings, and special features. The first two editions of Byte Back AI will be released for free on Byte Back. Starting January 6, 2025, Byte Back AI will be available only to paid subscribers. For more information on subscriptions, please click here.
Read the second complimentary edition here.
As always, the contents provided below are time-sensitive and subject to change.
Keypoint: The attorney general’s office modified the Colorado Privacy Act Rules to create a process for issuing opinion letters and interpretative guidance and to address the biometric and children’s privacy amendments passed by the Colorado legislature during the 2024 session.
On December 6, the Colorado attorney general’s office notified the public that it has adopted updated Colorado Privacy Act (CPA) Rules. The office provided a clean version of the new rules as well as a redline of the changes.
The new rules create a process for issuing opinion letters and interpretive guidance. They also modify the existing language in the CPA Rules to address two bills passed by the Colorado legislature during its 2024 session – SB 41 (kid’s privacy) and HB 1130 (biometric privacy). You can read more about the SB 41 and SB 1130 here and here.
The adopted rules come after the office published draft rules in September and held a public hearing in November. The office made modifications to the rules based on public feedback received during that process.
The new rules still need to clear two hurdles before they go into effect. According to the attorney general’s office, “[a]s the final step in the rulemaking process, the Department has requested a formal opinion on the adopted rules from the Attorney General. After that formal opinion is issued, the rules will then be filed with the Secretary of State, and they will become effective 30 days after they are published in the state register.”
In the below article, we provide a brief summary of the more notable provisions in the new rules. For ease of analysis, the article discusses the rules based on the three topics they address: (1) biometric privacy, (2) children’s privacy, and (3) opinion letters and interpretive guidance.
Keypoint: Of the ten privacy- and AI-related bills passed by the California legislature in the 2024 legislative session, Governor Newsom signed seven into law and vetoed three by the September 30 deadline.
Throughout the 2024 legislative session, we have been tracking numerous privacy- and AI-related bills pending in California. Ten of those bills passed the state legislature before the legislative session ended on August 31 (nine of which passed in the final week of August). Governor Newsom had a deadline of September 30 to sign or veto the bills that passed. Of the ten total bills, he signed seven into law and vetoed three bills. Those seven bills scheduled to go into effect consist of four laws related to privacy and three laws related to AI.
The below article provides a summary of the ten bills that Governor Newsom either signed into law or vetoed.
Keypoint: The proposed draft amendments modify the Colorado Privacy Act Rules to create a process for issuing opinion letters and interpretative guidance and to address the biometric and children’s privacy amendments passed by the Colorado legislature this year.
On September 13, 2024, the Colorado Attorney General’s office published proposed draft amendments to the Colorado Privacy Act (CPA) Rules. The office also announced a rulemaking hearing on Thursday, November 7, 2024, and will accept written public comments until that date.
The draft proposed amendments create a process for issuing opinion letters and interpretive guidance. They also modify the existing language in the CPA Rules to address two bills passed by the Colorado legislature this year – SB 41 (kid’s privacy) and HB 1130 (biometric privacy). You can read more about the SB 41 and SB 1130 here and here.
In the below post, we provide a short summary of some of the more notable parts of the proposed amendments.
Keypoint: The California legislature closed its 2024 session by passing five privacy-related bills and four AI-related bills.
On Saturday, August 31, the California legislature closed its 2024 session. During the past calendar year, we tracked numerous privacy and AI-related bills with fourteen of them passing out of their chamber of origin prior to the legislative deadline. For the past month, we have been tracking thirteen of those bills with weekly updates (the fourteenth bill already having passed through the legislature). Of the six privacy-related bills we have been tracking, five ultimately passed the legislature during the final week of the session. Four of the seven AI-related bills also passed.
The below article first provides a summary of the bills that passed during the final week of the session. The article then provides an overview of all fourteen bills.