State lawmakers filed nearly 500 AI-related bills in 2024 with Colorado, California, Illinois, and Utah passing notable laws. With state lawmakers emboldened by federal inactivity, 2025 promises to see even more state action. Regulatory agencies such as the California Privacy Protection Agency are also considering AI-related rulemaking that could have significant impact on businesses.
Join
On November 8, the California Privacy Protection Agency Board voted to advance the new draft CCPA regulations to formal rulemaking. In this on-demand webinar, HB privacy attorney Shelby Dolen provides a high-level summary of the draft risk assessment regulations.
This is the fourth on-demand webinar in our four-part series analyzing the draft regulations. You can
On November 8, the California Privacy Protection Agency Board voted to advance the new draft CCPA regulations to formal rulemaking. In this on-demand webinar, HB privacy partner David Stauss provides a high-level summary of the draft cybersecurity audit regulations.
This is the third on-demand webinar in our four-part series analyzing the draft regulations. You can
On November 8, the California Privacy Protection Agency Board voted to advance the new draft CCPA regulations to formal rulemaking. In this on-demand webinar, HB privacy partner David Stauss provides a high-level summary of the proposed changes to the existing CCPA regulations.
This is the second on-demand webinar in a four-part series analyzing the draft
On November 8, the California Privacy Protection Agency Board voted to advance the new draft CCPA regulations to formal rulemaking. In this on-demand webinar, HB privacy partner David Stauss provides a high-level summary of the draft regulations on automated decisionmaking technology (ADMT). During the Board meeting, the draft ADMT regulations were a source of many
Keypoint: The New York State Department of Financial Services (NYDFS) issued an industry letter outlining the threats posed to U.S. companies who hire remote technology workers linked to North Korea and may embezzle funds from their new employers.
On November 1, 2024, NYDFS issued guidance warning companies against an increasing risk posed from individuals applying for employment in IT roles who are in fact operating on behalf of North Korea. These applicants seek employment in order to infiltrate western companies’ computer systems and illicitly generate revenue for the North Korean regime.
Keypoint: The New York Department of Financial Services (NYDFS) circulated an industry letter offering guidance to NYDFS “Covered Entities” for assessing and managing AI-related cybersecurity risks, including threats malicious actors using AI and the risks associated with a Covered Entity’s own AI systems.
The NYDFS industry letter (“Letter”) recognizes that Covered Entities can leverage AI to enhance their cybersecurity posture. The department contends that doing so would bolster entities’ compliance with NYDFS cybersecurity regulation 23 NYCRR Part 500 (“Part 500”).
Keypoint: Massachusetts’ highest court ruled the use of software that tracks users’ activity on its website does not violate the state’s Wiretap Act, which was intended to prevent the recording or interception of communications between two or more persons.
On October 24, the Massachusetts Supreme Judicial Court held the state’s wiretapping act did not apply to the collection of users’ browsing activities on websites. In Vita v. New England Baptist, Massachusetts’ highest State Court held in a 5-1 decision that although the law did not define “communication,” it nevertheless was limited to communications between individuals and did not extend to cover a user’s browsing on a website. This decision, which is limited to the Massachusetts Wiretap Act, establishes that website operators can use tracking tools like Meta Pixel and Google Analytics to gather users’ browsing data without their consent, highlighting the limitations of the decades-old surveillance laws in addressing modern privacy concerns. Notably, several California courts have reached opposite conclusions under the corresponding California wiretapping laws (commonly known as CIPA Section 631(a)).
In the below article, we provide an overview and analysis of the Massachusetts Supreme Judicial Court ruling and the potential impact on the wave of privacy litigation ongoing in California Courts.
Keypoint: California state courts weigh in on what does, and does not, qualify as a “pen registry” or “tap and trace” device while one California federal court raises whether a wiretapping claim can also allow for a CCPA privacy right of action.
Welcome to the eighteenth installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. In this month’s post, we examine two decisions from California Federal District Courts that dismissed chat-based wiretapping claims. We also look at four VPPA decisions (three from the same jurisdiction) that all dismissed VPPA claims under Rule 12(b)(6), showing courts’ growing lack of patience for plaintiffs’ attorneys who fail to plead such claims with specificity and under the standards established by past VPPA decisions.
Byte Back + members also get access to coverage of four pen registry decisions, one (substantial) pixel decision, an email tracking decision, plus and our coverage of oral argument in the Ninth Circuit’s Briskin v Shopify decision. Interested in learning more about Byte Back+? Contact the authors or click here.
There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.
Keypoint: Of the ten privacy- and AI-related bills passed by the California legislature in the 2024 legislative session, Governor Newsom signed seven into law and vetoed three by the September 30 deadline.
Throughout the 2024 legislative session, we have been tracking numerous privacy- and AI-related bills pending in California. Ten of those bills passed the state legislature before the legislative session ended on August 31 (nine of which passed in the final week of August). Governor Newsom had a deadline of September 30 to sign or veto the bills that passed. Of the ten total bills, he signed seven into law and vetoed three bills. Those seven bills scheduled to go into effect consist of four laws related to privacy and three laws related to AI.
The below article provides a summary of the ten bills that Governor Newsom either signed into law or vetoed.