Keypoint: The 2025 state legislative cycle begins with lawmakers introducing twenty-three bills, including five state consumer data privacy bills.

We are back for our sixth year of tracking proposed state privacy legislation and fifth year of providing weekly updates. As in past years, we will track proposed state privacy legislation through these weekly updates and our forthcoming state privacy law tracker map.

In this year’s weekly updates, we will continue to track proposed bills concerning consumer data, children’s data, biometric data, consumer health data, and data brokers. 

With the explosion of AI-related state bills (nearly 500 bills filed last year) and the significant resources necessary to track those bills, we have moved our coverage of those bills to a separate paid weekly newsletter – Byte Back AI. In Part 2, below, we provide more information on this week’s newsletter, which includes updates on dozens of new bills introduced last week and a summary of a new algorithmic discrimination bill with a private right of action.

We also made one structural change to our bill tracker charts this year. We combined our various tracker charts into a single chart and added a column identifying the bill’s category. 

Now to our first weekly update. As always, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Keypoint: Twenty-five (25) privacy decisions from October-December show a significant uptick in the number of pixel-based wiretapping decisions issued from courts nationwide.

Welcome to the nineteenth installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. We are covering decisions from three months in this “holiday edition” update that covers decisions from October, November, and December 2024. Our holiday edition post covers the chat, session replay, and VPPA decisions just like our normal posts but also includes pixel-based wiretapping claims and pen registry/tap and trace decisions that are normally accessibly only by Byte Back + members. Interested in learning more about Byte Back+? Contact the authors or click here.

We are covering twenty-five (25) decisions in this holiday edition post, including four (4) chat-wiretapping decisions, four (4) SRT-wiretapping decisions, ten (10) pixel-wiretapping decisions, five (5) pen registry/ tap and trace (“PRTT”) decisions, and two (2) VPPA decisions. With that, let’s get to it.

Before we do, however, a quick disclaimer. There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.

Our latest edition of Byte Back AI is now available to paid subscribers. In this edition, we provide:

  • An update on new AI bills filed in New York, Maryland, Virginia, and Texas.
  • Our latest AI state bill tracker chart. We are now tracking 50 state AI bills.
  • A comparison and analysis of ten key definitions

Welcome to the second edition of Byte Back AI, a weekly newsletter providing updates on proposed state AI bills and regulations, an AI bill tracker chart, summaries of important AI hearings, and special features. Starting January 6, 2025, Byte Back AI will be available only to paid subscribers. For more information on subscriptions, please click here.

As always, the contents provided below are time-sensitive and subject to change. 

Welcome to the first edition of Byte Back AI, a weekly newsletter providing updates on proposed state AI bills and regulations, an AI bill tracker chart, summaries of important AI hearings, and special features. The first two editions of Byte Back AI will be released for free on Byte Back. Starting January 6, 2025, Byte Back AI will be available only to paid subscribers. For more information on subscriptions, please click here.

Read the second complimentary edition here.

As always, the contents provided below are time-sensitive and subject to change. 

Keypoint: The attorney general’s office modified the Colorado Privacy Act Rules to create a process for issuing opinion letters and interpretative guidance and to address the biometric and children’s privacy amendments passed by the Colorado legislature during the 2024 session.

On December 6, the Colorado attorney general’s office notified the public that it has adopted updated Colorado Privacy Act (CPA) Rules. The office provided a clean version of the new rules as well as a redline of the changes.

The new rules create a process for issuing opinion letters and interpretive guidance. They also modify the existing language in the CPA Rules to address two bills passed by the Colorado legislature during its 2024 session – SB 41 (kid’s privacy) and HB 1130 (biometric privacy). You can read more about the SB 41 and SB 1130 here and here.

The adopted rules come after the office published draft rules in September and held a public hearing in November. The office made modifications to the rules based on public feedback received during that process.

The new rules still need to clear two hurdles before they go into effect. According to the attorney general’s office, “[a]s the final step in the rulemaking process, the Department has requested a formal opinion on the adopted rules from the Attorney General. After that formal opinion is issued, the rules will then be filed with the Secretary of State, and they will become effective 30 days after they are published in the state register.”

In the below article, we provide a brief summary of the more notable provisions in the new rules. For ease of analysis, the article discusses the rules based on the three topics they address: (1) biometric privacy, (2) children’s privacy, and (3) opinion letters and interpretive guidance.

State lawmakers filed nearly 500 AI-related bills in 2024 with Colorado, California, Illinois, and Utah passing notable laws. With state lawmakers emboldened by federal inactivity, 2025 promises to see even more state action. Regulatory agencies such as the California Privacy Protection Agency are also considering AI-related rulemaking that could have significant impact on businesses.

Join

On November 8, the California Privacy Protection Agency Board voted to advance the new draft CCPA regulations to formal rulemaking. In this on-demand webinar, HB privacy attorney Shelby Dolen provides a high-level summary of the draft risk assessment regulations. 

This is the fourth on-demand webinar in our four-part series analyzing the draft regulations. You can

On November 8, the California Privacy Protection Agency Board voted to advance the new draft CCPA regulations to formal rulemaking. In this on-demand webinar, HB privacy partner David Stauss provides a high-level summary of the draft cybersecurity audit regulations. 

This is the third on-demand webinar in our four-part series analyzing the draft regulations. You can

On November 8, the California Privacy Protection Agency Board voted to advance the new draft CCPA regulations to formal rulemaking. In this on-demand webinar, HB privacy partner David Stauss provides a high-level summary of the proposed changes to the existing CCPA regulations. 

This is the second on-demand webinar in a four-part series analyzing the draft