For the second year in a row, we are releasing our State Biometric Privacy Law Tracker. The tracker, which compliments our State Privacy Law Tracker and State Children’s Privacy Law Tracker, identifies the states that are considering biometric privacy legislation and provides helpful links to the bills. Bookmark the page and use it

Keypoint: Courts resolved six motions to dismiss wiretapping claims based on session replay technology in January, while two VPPA decisions highlight balance struck by courts. A new privacy litigation theory based on “pen registries” has emerged as well.

Welcome to the tenth installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. In this post, we examine one chat-based wiretapping claim and six session replay technology (SRT) based wiretapping claims. These decisions demonstrate how courts are still inconsistent in how they resolve wiretapping claims, even in cases where the plaintiff and SRT vendor are the same. We also look at two VPPA decisions that reflect the balance courts have struck in resolving VPPA decisions. Finally, we look at a new emerging trend based on “pen registry” technology (which is commonly associated with logging what phone numbers a monitored phone dials).

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.

Keypoint: The 2024 state legislative session picks up where the 2023 session left off with lawmakers already pursuing consumer, children’s, biometric, and consumer health data privacy bills as well as data broker bills.

We are back for our fifth year of tracking proposed state privacy legislation and fourth year of providing weekly updates. As in past years, we will track proposed consumer data privacy legislation through our weekly updates and State Privacy Law Tracker map. We also already released our State Children’s Privacy Law Tracker map and summary of the status of proposed bills.

Last year, we also tracked proposed biometric, consumer health, data broker, algorithmic discrimination, and automated employment decision tools bills. This year, we will continue to track all of those bills but we are changing our format to bring you even more useful information. Here’s what is changing:

First, instead of providing historical information in a long blog post, we will provide the same information on bill tracking charts. This will hopefully streamline and consolidate the information into a more digestible format.

Second, in the coming weeks, we will make available expanded bill tracking charts to clients through a new client portal. Stay tuned for more information.

Finally, with the rapidly expanding number of algorithmic discrimination bills being filed, we are creating a separate update email to track those bills as well as other AI-related bills and regulations. We also will provide a new tracker map for certain types of AI bills.

We hope that these alerts and maps combined with our monthly privacy litigation updates will provide you with the best all-around coverage of emerging US privacy law.

Now to our first weekly update. As always, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Keypoint: 2024 will again see numerous developments in children’s privacy law.

As the 2024 state legislative season begins, it’s clear that lawmakers are again focused on children’s privacy. For the past few years, lawmakers have introduced different children’s privacy models, on both the federal and state level. However, regulating this specific area of law has its own set of challenges. We are releasing our 2024 State Children’s Privacy Law Tracker, which identifies enacted legislation and states considering legislation. Bookmark the page and use it as a resource.

For an update on children’s state privacy law, see below where we outline recent developments, children’s privacy laws that go into effect in 2024, and proposed laws this legislative session.

Keypoint: New Hampshire is the fourteenth state to pass consumer data privacy legislation with a bill that is largely based on the Connecticut Data Privacy Act.

On January 18, 2024, the New Hampshire legislature passed SB255. Subject to the procedural formalities, the bill will move to New Hampshire Governor Christopher Sununu for consideration.

Assuming the bill becomes law, New Hampshire will become the fourteenth state – and already the second state in 2024 – to pass a consumer data privacy law.

The New Hampshire bill largely tracks the Connecticut Data Privacy Act (CTDPA) as that law was passed in 2022. It does not contain the amendments to the CTDPA that were incorporated through the 2023 Connecticut Senate Bill 3, such as the addition of consumer health data to the definition of sensitive data. The New Hampshire bill does contain a few variations, which we discuss below. As with prior bills, we have added the New Hampshire bill to our chart providing a detailed comparison of the laws enacted to date.

The below post is not intended to provide a complete summary of the New Hampshire bill but rather is intended to identify differences between that bill and the CTDPA as it was originally passed in 2022.

With all the new U.S. state privacy laws going into effect, tracking the many upcoming deadlines is no easy task—especially when you factor in children’s privacy, data broker, and consumer health data privacy laws. Don’t forget that many laws also have staggered deadlines, including deadlines to recognize universal opt-out mechanisms and update privacy policies.

On

Keypoint: New Jersey is the thirteenth state to pass consumer data privacy legislation with a bill that is generally based on the Washington Privacy Act model but with some notable differences.

On January 8, 2024, the New Jersey legislature passed Senate Bill 332. Subject to the procedural formalities in the legislature, the bill will move to New Jersey Governor Phil Murphy for consideration.

Assuming the bill becomes law, New Jersey will become the thirteenth state to pass a consumer data privacy law. The bill was passed on the last day of New Jersey’s two-year legislative cycle.

As reflected in the bill’s redline, the bill underwent significant revisions since it was first introduced in January 2022. The bill initially passed the New Jersey Senate in February 2023. At that time, we observed the bill was “narrow, perhaps most similar to the Nevada Online Privacy Protection Act.” At one point, the bill was amended to require consumers to opt into the sale of their personal data rather than opt out, but that requirement was removed. Ultimately, the bill was amended to be based on the Washington Privacy Act (WPA) model, but it does not always track the structure of typical WPA variants and contains some notable differences as we discuss below.

As with prior bills, we have added the New Jersey bill to our chart providing a detailed comparison of the laws enacted to date.

The below article provides a summary of the bill and some of its more notable provisions and differences from other bills. It is not intended to provide a full analysis of the bill.

Finally, when reviewing the current version of the bill available on the New Jersey legislature’s website, it is important to note that the first seven-and-a-half pages of the bill were removed through a December 18, 2023, committee amendment. The text of the passed bill begins on page eight. Also, a final clean version of the bill has not been published and it is possible, given the manner in which the bill was passed, that the final bill could contain some differences to the currently available version. For additional insight into the bill’s provisions, see Keir Lamont’s analysis here.