NYC Finalizes Regulations on AI Employment Tools and Will Begin Enforcement on July 5, 2023

By Owen Davis & Keith Ybanez on April 20, 2023

Keypoint: New York City issued final regulations on the use of automated employment decision tools by employers, with enforcement to begin on July 5, 2023.

The New York City Department of Consumer and Worker Protection (DCWP) adopted its Final Rule to implement Local Law 144, which regulates the use of “automated employment decision tools” (AEDTs) to screen applicants or employees in the city. The DCWP also announced that it will begin enforcing the law on July 5, 2023.

Washington Legislature Passes My Health My Data Act

By David Stauss on April 17, 2023

Posted in Washington 2023, Washington My Health My Data

Keypoint: With a private right of action, broad applicability to businesses of all sizes and types, a scope that is broader than its name suggests, and strong consent-based requirements and privacy rights, the Washington My Health My Data Act will be a transformative privacy law for the United States.

On April 17, 2023, the Washington legislature passed the My Health My Data Act (MHMD) (HB 1155). The bill now heads to the Washington Governor who can sign it, veto it, or allow the bill to become law without signature.

We have been tracking MHMD since it was first introduced in early January, provided a detailed analysis of the bill after it first passed the House in mid-March, and discussed its definition of “consumer health data” and private right of action in our April 10 weekly post. In the below post, we add to our analysis by providing five key takeaways about MHMD.

Proposed State Privacy Law Update: April 17, 2023

By David Stauss on April 16, 2023

Posted in Arizona 2023, California 2023, Connecticut 2023, District of Columbia 2023, Florida 2023, Hawaii 2023, Illinois 2023, Indiana 2023, Iowa 2023, Louisiana 2023, Maryland 2023, Massachusetts 2023, Minnesota 2023, Missouri 2023, Montana 2023, Nevada 2023, New Hampshire 2023, New Jersey 2023, New York 2023, North Carolina 2023, Oklahoma 2023, Oregon 2023, Pennsylvania 2023, Rhode Island 2023, South Carolina 2023, State privacy legislation, Tennessee 2023, Texas 2023, Vermont 2023, Washington 2023

Keypoint: Last week the Indiana legislature passed a consumer data privacy bill.

Below is the fourteenth weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, we are regularly updating our 2023 State Privacy Law Tracker, 2023 State Children’s Privacy Law Tracker, and 2023 State Biometric Privacy Law Tracker. We encourage you to bookmark the pages for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

Indiana Legislature Passes Consumer Data Privacy Bill

By David Stauss on April 13, 2023

Posted in Indiana 2023

Keypoint: The Indiana legislature is the seventh state legislature to pass consumer data privacy legislation.

On April 13, 2023, the Indiana legislature passed SB 5. The bill largely tracks the Virginia Consumer Data Protection Act (VCDPA) with some limited variations.

The Senate originally passed the bill by a vote of 49-0 on February 9, 2023. The House passed an amended version of the bill by a vote of 98-0 on April 11, 2023. On April 13, 2023, the Senate concurred in the House amendments. Pending any remaining procedural hurdles, the bill will be sent to Indiana Governor Eric Holcomb in the coming days.

In the below post, we provide a summary of some of the bill’s unique provisions. Click here for a more detailed comparison of the Indiana bill against the six existing state privacy laws.

Proposed State Privacy Law Update: April 10, 2023

By David Stauss on April 9, 2023

Posted in Arizona 2023, Arkansas 2023, California 2023, Connecticut 2023, District of Columbia 2023, Florida 2023, Hawaii 2023, Illinois 2023, Indiana 2023, Louisiana 2023, Maryland 2023, Massachusetts 2023, Minnesota 2023, Mississippi 2023, Missouri 2023, Montana 2023, Nevada 2023, New Hampshire 2023, New Jersey 2023, New York 2023, North Carolina 2023, Oklahoma 2023, Oregon 2023, Pennsylvania 2023, Rhode Island 2023, South Carolina 2023, State privacy legislation, Tennessee 2023, Texas 2023, Vermont 2023, Washington 2023

Keypoint: Last week the Washington Senate passed the My Health My Data Act, the Arkansas legislature passed the Social Media Safety Act, and the Texas House passed the Texas Data Privacy and Security Act.

Below is the thirteenth weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

U.S. Privacy Litigation Update: March 2023

By Dustin Taylor on April 4, 2023

Posted in Privacy Litigation

Keypoint: In March 2023, more California courts tackled motions to dismiss claims that chat features violate wiretapping laws while Georgia and Minnesota courts weighed in on VPPA claims.

This is the first of our monthly data privacy litigation reports to provide updates on how courts have handled emerging data privacy tends in the past month. In this post we look at developments in lawsuits relating to chat wiretap claims, session replay claims, VPPA claims, and BIPA claims. (If any of these case theories are new to you, be sure to check out the “Overview” section below.) There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out.

The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.

Proposed State Privacy Law Update: April 3, 2023

By David Stauss on April 1, 2023

Posted in Arizona 2023, Arkansas 2023, California 2023, Connecticut 2023, District of Columbia 2023, Florida 2023, Hawaii 2023, Illinois 2023, Indiana 2023, Iowa 2023, Kentucky 2023, Louisiana 2023, Maryland 2023, Massachusetts 2023, Minnesota 2023, Missouri 2023, Montana 2023, Nevada 2023, New Hampshire 2023, New Jersey 2023, New Mexico 2023, New York 2023, Oklahoma 2023, Oregon 2023, Pennsylvania 2023, Rhode Island 2023, South Carolina 2023, State privacy legislation, Tennessee 2023, Texas 2023, Vermont 2023, Washington 2023

Last week the Iowa Governor signed the Iowa Privacy Act into law, social media bills were voted out of the Arkansas Senate and a New Jersey Assembly committee, an amended version of Florida’s consumer privacy bill advanced out of a subcommittee, and Connecticut’s health and children’s privacy bill was voted out of a committee.

Below is the twelfth weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

California OAL Approves CCPA Regulations

By David Stauss on March 30, 2023

Posted in California Privacy Rights Act

Keypoint: The Office of Administrative Law’s approval of the CCPA regulations ends a months-long rulemaking process that began in September 2021.

On March 30, 2023, the California Privacy Protection Agency (Agency) announced that the California Office of Administrative Law (OAL) approved the Agency’s first substantive CCPA rulemaking package. The approved regulations, which are immediately effective, can be enforced beginning July 1, 2023.

Legislating Data Privacy Series: A Conversation with Texas Representative Giovanni Capriglione

By David Stauss on March 27, 2023

Posted in Legislating Data Privacy Series

In the nineteenth episode of our Legislating Data Privacy podcast series, we talk with Texas Representative Giovanni Capriglione.

Representative Capriglione is the primary author of the Texas Data Privacy and Security Act (House Bill 4). During this interview, Representative Capriglione discusses the background of drafting the bill, the bill’s provisions (including its unique takes on some familiar concepts), and the potential path for passage.

Click here or below to listen to the full interview.

Proposed State Privacy Law Update: March 27, 2023

By David Stauss on March 26, 2023

Posted in Arizona 2023, California 2023, Connecticut 2023, District of Columbia 2023, Florida 2023, Hawaii 2023, Illinois 2023, Indiana 2023, Iowa 2023, Kentucky 2023, Maryland 2023, Massachusetts 2023, Minnesota 2023, Missouri 2023, Montana 2023, Nevada 2023, New Hampshire 2023, New Jersey 2023, New Mexico 2023, New York 2023, Oklahoma 2023, Oregon 2023, Rhode Island 2023, South Carolina 2023, State privacy legislation, Tennessee 2023, Texas 2023, Utah 2023, Vermont 2023, Washington 2023

Keypoint: Last week the Maryland House passed a children’s privacy bill, the Utah Governor signed two social media bills, the Washington My Health My Data Act continued to progress, and committees in Texas and Tennessee advanced consumer privacy bills.

Below is the eleventh weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.