Photo of Marlaina Pinto [Former Attorney]

Marlaina Pinto [Former Attorney]

Formerly with Husch Blackwell, Marlaina focused on intellectual property and data privacy work.

State of Connecticut Waving Flag in 3D

Keypoint: Connecticut once again moves the needle on state privacy laws while at the same time integrating changes from other state laws.

On June 25, Connecticut Governor Lamont signed Senator James Maroney’s SB 1295 into law. The bill makes several notable changes to Connecticut’s existing consumer data privacy law, including modifying its applicability standard, exemptions, definitions, consumer rights, data minimization provisions, and children’s privacy sections. The bill also significantly modifies the law’s approach to profiling that will impact the use of artificial intelligence in some contexts.

In the below post, we provide a summary of the more notable changes. For each of the changes, we also provide the context for the change, including what the change means, its potential consequences, and how it fits into the larger landscape of state data privacy laws.

Keypoint: The Colorado legislature is considering significant amendments to the nation’s first algorithmic discrimination law.

On April 28, 2025, Colorado Senator Robert Rodriguez and Representative Brianna Titone introduced SB 318, which makes significant amendments to the Colorado AI Act (SB 205). The bill is currently pending in the Senate. The Colorado legislature closes Wednesday, May 7. In the below article, we provide an overview of the more significant proposed amendments.

In addition, because SB 318 is only a redline of the sections of the Colorado AI Act for which amendments were proposed, it does not show the changes in the full context of the existing law. We prepared a complete redline of the law, which is available to Byte Back AI subscribers here.

Keypoint: If signed by the governor, the Arkansas bill will create new obligations for the collection and processing of personal information for Arkansas children and teens under 16 years of age, however, compliance may prove difficult given ambiguity in the bill’s provisions.

On April 15, 2025, the Arkansas legislature passed HB 1717 – the Arkansas Children and Teens’ Online Privacy Protection Act. If signed by the governor, Arkansas will be the latest state to legislate in the teens’ privacy space but with a bill unlike any other passed to date.

In the below article, we provide a summary of the bill and its requirements.

Keypoint: The California Privacy Protection Agency settled its first non-data broker enforcement action with a $632,500 fine and other remedial measures.

On March 12, 2025, the California Privacy Protection Agency (Agency) announced its first non-data broker enforcement action requiring a vehicle manufacturer to pay an administrative fine of $632,500 in connection with the Agency’s review of connected vehicle manufacturers and related technologies’ privacy practices. The manufacturer also agreed to implement certain remedial actions.

In the below post, we provide an overview of the alleged violations and the penalties.

Keypoint: Texas files its first lawsuit enforcing its new state consumer data privacy law.

On January 13, 2025, Texas Attorney General’s Office filed its first lawsuit enforcing the Texas Data Privacy and Security Act (“TDPSA”). The law went into effect on July 1, 2024. The complaint also states claims under Texas’ data broker law and insurance code.

In the below post, we provide a brief summary of the complaint, including the factual allegations, causes of actions, and damages sought.

Keypoint: If signed into law, Colorado will become the first state to enact legislation regulating the use of high-risk artificial intelligence systems.

On May 8, the Colorado legislature passed the Colorado Artificial Intelligence Act (SB 205). If signed by Governor Jared Polis, Colorado will become the first state to enact legislation that broadly addresses the use of artificial intelligence, in particular the use of artificial intelligence in high-risk activities. The bill is co-sponsored by Senate Majority Leader Robert Rodriguez and House Representatives Manny Rutinel and Brianna Titone.

In the below article, we first provide context and background on the bill. We then provide a summary of the bill’s provisions.

employee-scaled.jpeg

Key Point: The EEOC released guidance to employers on how to assess adverse impacts when using artificial intelligence (AI) in the employment decision-making process.

The Equal Employment Opportunity Commission (EEOC) recently issued a technical assistance document to help employers avoid discriminating against job applicants and employees when using AI for employment decisions. In the technical assistance, the EEOC highlights that employers may violate Title VII of the Civil Rights Act of 1964 (Title VII) if their algorithmic decision-making tools have an adverse impact on protected classes, even where those tools are designed or administered by third parties.

Keypoint: June 2023 maintained a trend of mostly favorable outcomes for defendants as courts continue to grant motions to dismiss in session replay and VPPA cases.

This is the fifth installment in our monthly data privacy litigation reports to provide updates on how courts in the United States have handled emerging data privacy trends in the past month. In this post we look at decisions to dismiss session replay and VPPA claims coming out of California courts.

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.