With state legislatures opening across the country, lawmakers have already introduced close to 200 bills seeking to regulate the use of artificial intelligence. These bills are on a wide range of topics, including algorithmic discrimination, responsible use, transparency, and disclosures (to name a few).

On February 18, 2025 from 1:00 – 2:00 p.m. ET /

Keypoint: The New York legislature passes broad and restrictive health data privacy legislation with implications for businesses both within and outside New York.

Last week, the New York legislature passed the New York Health Information Privacy Act (S 929) (the “Act”). If signed into law, the Act will add New York to the list of states that have enacted consumer health data-specific privacy legislation in response to the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization.

Although the Act is not a clone of Washington’s My Health My Data Act (“MHMD”), it follows many of the same themes: regulating health data beyond the state’s borders, utilizing a broad definition of health data, and imposing additional obligations and narrower exemptions than those seen in generally applicable consumer privacy legislation.

Below, we provide a summary of the Act and identify some of the unique challenges it poses for affected companies.

Keypoint: New York lawmakers passed a consumer health bill while lawmakers in numerous other states continue to introduce consumer data privacy, children’s privacy, and data broker bills.

Below is the third weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.

Keypoint: In our second weekly update for 2025, we are tracking new bills filed in Arkansas, Hawaii, Illinois, Massachusetts, Missouri, Nebraska, New Jersey, New York, Oklahoma, South Carolina, Texas, and Virginia.

Below is the second weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.

Keypoint: The FTC finalizes changes to bolster COPPA Rule, the first updates to the Rule since 2013.

The Federal Trade Commission (“FTC”) finalized changes to the Children’s Online Privacy Protection Act (“COPPA”) Rule today, making the first updates to the Rule since 2013. In January 2024, the FTC proposed changes to the COPPA Rule and those changes went through a year-long rulemaking process. The changes set new requirements around the collection, use, and disclosure of children’s personal information and provide parents with new tools and protections.

In the below post, we provide background on the COPPA Rule and a summary of the finalized changes, which will go into effect 60 days after publication in the Federal Register and require compliance one year from publication.

Keypoint: Texas files its first lawsuit enforcing its new state consumer data privacy law.

On January 13, 2025, Texas Attorney General’s Office filed its first lawsuit enforcing the Texas Data Privacy and Security Act (“TDPSA”). The law went into effect on July 1, 2024. The complaint also states claims under Texas’ data broker law and insurance code.

In the below post, we provide a brief summary of the complaint, including the factual allegations, causes of actions, and damages sought.