Photo of Marlaina Pinto

Marlaina Pinto

Marlaina focuses on intellectual property and data privacy work.

With a prior career working with online data assets for a marketing technology and consulting company, Marlaina was drawn to the fast-paced changes in data privacy and AI regulations. During law school, she served as editor-in-chief of the Colorado Technology Law Journal, where she worked with articles on emerging tech law and policy issues. She also served as both a law clerk and summer associate at Husch Blackwell, gaining practical experience in drafting privacy policies and tracking state privacy and AI bills. Her work at the firm further honed her skills in creating compliance strategies that address various privacy laws across different jurisdictions.

Contact:Read more about Marlaina Pinto

Keypoint: The Colorado legislature is considering significant amendments to the nation’s first algorithmic discrimination law.

On April 28, 2025, Colorado Senator Robert Rodriguez and Representative Brianna Titone introduced SB 318, which makes significant amendments to the Colorado AI Act (SB 205). The bill is currently pending in the Senate. The Colorado legislature closes Wednesday, May 7. In the below article, we provide an overview of the more significant proposed amendments.

In addition, because SB 318 is only a redline of the sections of the Colorado AI Act for which amendments were proposed, it does not show the changes in the full context of the existing law. We prepared a complete redline of the law, which is available to Byte Back AI subscribers here.

Keypoint: If signed by the governor, the Arkansas bill will create new obligations for the collection and processing of personal information for Arkansas children and teens under 16 years of age, however, compliance may prove difficult given ambiguity in the bill’s provisions.

On April 15, 2025, the Arkansas legislature passed HB 1717 – the Arkansas Children and Teens’ Online Privacy Protection Act. If signed by the governor, Arkansas will be the latest state to legislate in the teens’ privacy space but with a bill unlike any other passed to date.

In the below article, we provide a summary of the bill and its requirements.

Keypoint: The California Privacy Protection Agency settled its first non-data broker enforcement action with a $632,500 fine and other remedial measures.

On March 12, 2025, the California Privacy Protection Agency (Agency) announced its first non-data broker enforcement action requiring a vehicle manufacturer to pay an administrative fine of $632,500 in connection with the Agency’s review of connected vehicle manufacturers and related technologies’ privacy practices. The manufacturer also agreed to implement certain remedial actions.

In the below post, we provide an overview of the alleged violations and the penalties.

Keypoint: Texas files its first lawsuit enforcing its new state consumer data privacy law.

On January 13, 2025, Texas Attorney General’s Office filed its first lawsuit enforcing the Texas Data Privacy and Security Act (“TDPSA”). The law went into effect on July 1, 2024. The complaint also states claims under Texas’ data broker law and insurance code.

In the below post, we provide a brief summary of the complaint, including the factual allegations, causes of actions, and damages sought.

Keypoint: If signed into law, Colorado will become the first state to enact legislation regulating the use of high-risk artificial intelligence systems.

On May 8, the Colorado legislature passed the Colorado Artificial Intelligence Act (SB 205). If signed by Governor Jared Polis, Colorado will become the first state to enact legislation that broadly addresses the use of artificial intelligence, in particular the use of artificial intelligence in high-risk activities. The bill is co-sponsored by Senate Majority Leader Robert Rodriguez and House Representatives Manny Rutinel and Brianna Titone.

In the below article, we first provide context and background on the bill. We then provide a summary of the bill’s provisions.

Key Point: The EEOC released guidance to employers on how to assess adverse impacts when using artificial intelligence (AI) in the employment decision-making process.

The Equal Employment Opportunity Commission (EEOC) recently issued a technical assistance document to help employers avoid discriminating against job applicants and employees when using AI for employment decisions. In the technical assistance, the EEOC highlights that employers may violate Title VII of the Civil Rights Act of 1964 (Title VII) if their algorithmic decision-making tools have an adverse impact on protected classes, even where those tools are designed or administered by third parties.

Keypoint: June 2023 maintained a trend of mostly favorable outcomes for defendants as courts continue to grant motions to dismiss in session replay and VPPA cases.

This is the fifth installment in our monthly data privacy litigation reports to provide updates on how courts in the United States have handled emerging data privacy trends in the past month. In this post we look at decisions to dismiss session replay and VPPA claims coming out of California courts.

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.