Photo of Shelby Dolen

Clients and legal teams appreciate Shelby’s passion for the law as it relates to protecting technology and company assets. She regularly monitors and researches fast-changing consumer privacy laws, with the understanding that critical strategy and success for any business includes oversight of data privacy policies and intellectual property portfolios.

Keypoint: The appellate court ruled that the California Age-Appropriate Design Code Act’s impact assessment provision is unconstitutional and remanded the case back to the trial court to consider the constitutionality of the other challenged provisions.

On August 16, the Ninth Circuit Court of Appeals issued an opinion in NetChoice v. Bonta on the constitutionality of California’s Age-Appropriate Design Code Act (AADC). The appellate court affirmed the district court’s decision in part and vacated it in part. The appellate court affirmed the district court’s ruling that NetChoice was likely to succeed in showing that the AADC’s data protection impact assessment requirement violates the First Amendment. Based on that ruling, the appellate court affirmed the district court’s decision to enjoin enforcement of that requirement. The appellate court vacated the remainder of the district court’s ruling, determining that it is unclear from the record whether the remaining provisions of the AADC challenged by NetChoice violate the First Amendment. The appellate court remanded the case to the district court to consider the constitutionality of those provisions and whether the law’s unconstitutional provisions are severable from the remainder of the law.

In the below article, we provide an overview and analysis of the Ninth Circuit’s ruling.Continue Reading Ninth Circuit Issues Opinion on Constitutionality of California’s AADC

Keypoint: Companies onboarding AI products and services need to understand the potential risks associated with these products and implement contractual provisions to manage them.

With the rapid emergence of artificial intelligence (AI) products and services, companies using these products and services need to negotiate contractual provisions that adequately address the unique issues they present. However, given that this area is new and rapidly emerging, companies may not appreciate that the use of AI may raise unique contractual issues. Even if companies do realize it, they may not know what those provisions should state. In addition, many AI-related contractual terms are complicated and confusing, oftentimes containing new terms and definitions that companies are unfamiliar with handling. 

In the below article, we identify key considerations when reviewing or preparing AI-related contracts. Although there may be other considerations depending on the specific use case, the below considerations should provide the reader with a useful starting point for how to address this issue.Continue Reading Key Considerations in AI-Related Contracts

Keypoint: Assuming the bills become law and go into effect, operators of websites and online services that collect the personal data of minors and are subject to the bills will need to undertake several compliance activities.

On June 7, 2024, the New York legislature passed two bills directed at kids’ use of online technologies – the New York Child Data Protection Act (S7695) and the Stop Addictive Feeds Exploitation (SAFE) for Kids Act (S7694). The bills will next move to New York Governor Kathy Hochul for consideration. The Governor already issued a press release in support of the bills.

Conversely, NetChoice – a trade association for Internet companies – issued a press release and wrote a Daily News’ op-ed calling the bills unconstitutional. NetChoice previously challenged the constitutionality of California’s Age-Appropriate Design Code Act. NetChoice won at the trial level and the case is on appeal.

In the below article, we provide a brief summary of the two bills.Continue Reading New York Legislature Passes Two Kids Privacy Bills

Keypoint: If signed into law, Colorado companies that process children’s data will have new requirements beginning on October 1, 2025.  

Prior to the legislature closing on May 8, Colorado lawmakers passed SB 41, which amends the Colorado Privacy Act (CPA) to add protections for children’s data privacy. If signed into law by Colorado Governor Jared Polis, it will go into effect on October 1, 2025. The bill creates new obligations for entities that offer any online service, product, or feature to minors (under 18). The bill is modeled on Connecticut’s SB 3 signed into law last June.

In the below article, we provide an overview of the obligations under SB 41 and the key differences between SB 41 and Connecticut’s SB 3.Continue Reading Colorado Legislature Passes Children’s Data Privacy Bill

Keypoint: If signed into law, Colorado will become the first state to enact legislation regulating the use of high-risk artificial intelligence systems.

On May 8, the Colorado legislature passed the Colorado Artificial Intelligence Act (SB 205). If signed by Governor Jared Polis, Colorado will become the first state to enact legislation that broadly addresses the use of artificial intelligence, in particular the use of artificial intelligence in high-risk activities. The bill is co-sponsored by Senate Majority Leader Robert Rodriguez and House Representatives Manny Rutinel and Brianna Titone.

In the below article, we first provide context and background on the bill. We then provide a summary of the bill’s provisions.Continue Reading Colorado Legislature Passes First-in-Nation Artificial Intelligence Bill

Keypoint: The Utah legislature repealed and replaced the Utah Social Media Act in response to a lawsuit challenging the law on constitutional grounds.

Prior to closing in early March, the Utah legislature passed two bills (SB 194 and HB 464) that repeal and replace the Utah Social Media Regulation Act, which the legislature passed just last year. The bills are the second part of a legislative process in which Utah lawmakers amended the Act in response to a lawsuit filed by an Internet trade association challenging the Act on constitutional grounds. The Utah legislature previously pushed back the Act’s effective date to delay the legal challenge while lawmakers worked to revise the Act. In the below article, we provide a brief background on the Act and then discuss the changes made by the two bills.Continue Reading Utah Legislature Repeals and Replaces Utah Social Media Regulation Act

Keypoint: 2024 will again see numerous developments in children’s privacy law.

As the 2024 state legislative season begins, it’s clear that lawmakers are again focused on children’s privacy. For the past few years, lawmakers have introduced different children’s privacy models, on both the federal and state level. However, regulating this specific area of law has its own set of challenges. We are releasing our 2024 State Children’s Privacy Law Tracker, which identifies enacted legislation and states considering legislation. Bookmark the page and use it as a resource.

For an update on children’s state privacy law, see below where we outline recent developments, children’s privacy laws that go into effect in 2024, and proposed laws this legislative session.Continue Reading Children’s State Privacy Law Update and Tracker Released

Keypoint: Privacy professionals will have their hands full with compliance deadlines over the next year.

Over the past few years, states have enacted numerous privacy laws, including broad consumer data privacy laws, children’s privacy laws, consumer health data privacy laws, and data broker laws. The enactment of so many privacy laws in such a short period of time has created an avalanche of compliance deadlines for businesses. In the below article, we identify the upcoming deadlines for this year (January 2024 through January 2025). We also provide a brief background on the various laws and, where available, links to our prior posts on each. We also have provided a chart identifying the deadlines.

In addition to the deadlines identified below, businesses subject to the California Consumer Privacy Act (CCPA) should keep in mind that CCPA § 1798.130(5) requires businesses to update their privacy policies “at least once every twelve months” and CCPA Regulation § 7011(e)(4) requires businesses to state when their privacy policy was last updated. Businesses should update their privacy policies to comply with this annual requirement.Continue Reading Upcoming 2024 State Privacy Law Compliance Deadlines

Keypoint: The Utah Division of Consumer Protection published proposed rules regulating social media companies under Utah’s Social Media Regulation Act.

On October 15, 2023, the Utah Division of Consumer Protection (the “Agency”) published proposed rules for Utah’s Social Media Regulation Act (“SMRA”). As required by the SMRA, the draft rules outline requirements for age verification and consent methods. These draft rules come just a month following federal district courts in California, Texas, and Arkansas enjoining children’s online laws from going into effect in those states.

In the below post, we first provide background on the SMRA. We then provide a summary of the substantive sections of the proposed rules and lastly outline key takeaways.Continue Reading Utah Proposes Rules for Social Media Regulation Act

Keypoint: A California federal district court granted NetChoice’s motion for preliminary injunction, finding that the California Age-Appropriate Design Code Act likely violates the First Amendment.

On September 18, 2023, the United States District Court for the Northern District of California granted NetChoice’s motion for preliminary injunction, enjoining Rob Bonta, Attorney General of the State of California, from enforcing the California Age-Appropriate Design Code Act (AADC). The ruling comes only weeks after federal district courts in Texas and Arkansas enjoined children’s online laws from going into effect in those states.

In the below post, we provide a brief background on the AADC, analyze the court’s ruling, and provide some context and takeaways on how it could impact privacy laws more generally.Continue Reading Court Enjoins California Age-Appropriate Design Code Act