While March featured a flurry of newly introduced comprehensive privacy bills, state legislatures now appear to be primarily focused on pushing existing proposals through the chambers. ...more
4/21/2025
/ Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
New Legislation ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Proposed Amendments ,
Proposed Legislation ,
Regulatory Requirements ,
State Privacy Laws
One of the main risks for a company in the event of a data breach is the threat of litigation. Data breach litigation continued to proliferate in 2024, as it has in prior years....more
4/9/2025
/ Appellate Courts ,
Article III ,
Attorney-Client Privilege ,
Common Law Claims ,
Corporate Counsel ,
Damages ,
Data Breach ,
Injury-in-Fact ,
Negligence ,
Standing ,
TransUnion LLC v Ramirez
The states bounced back from a somewhat quiet previous biweekly update with several noteworthy developments in the last two weeks. A total of five new state comprehensive privacy bills were introduced in Maine (LD 1224),...more
4/8/2025
/ Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Enforcement Authority ,
New Legislation ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Requirements ,
State Attorneys General ,
State Privacy Laws
Generative AI continued to be a hot topic for privacy-related litigation in 2024. In the US, companies using and deploying this technology saw themselves subject to lawsuits under various state and federal theories of...more
3/7/2025
/ Artificial Intelligence ,
CIPA ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Corporate Counsel ,
Data Privacy ,
Federal Trade Commission (FTC) ,
Machine Learning ,
Pending Litigation ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices ,
Wiretapping
While the California Consumer Privacy Act (CCPA) is most known for its extensive privacy compliance obligations, the law also provides for a limited private right of action for certain security-related breaches....more
State legislatures kept busy last year, passing seven new comprehensive privacy laws, and wrapping up 2024 with a total of nineteen state comprehensive laws imposed across the country....more
2024 was another year of substantial legislative and regulatory advances at the international, federal, and state levels with regard to data protection law. Artificial intelligence (AI) regulation continued to hurdle forward...more
1/16/2025
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Protection ,
Department of Justice (DOJ) ,
Enforcement Actions ,
EU ,
Federal Trade Commission (FTC) ,
New Legislation ,
Privacy Laws ,
Proposed Legislation ,
State Attorneys General ,
State Privacy Laws
On September 18, the Texas Attorney General (AG) announced a settlement agreement with Pieces Technologies, Inc. (“Pieces”), a Dallas-based healthcare artificial intelligence (AI) research and development firm, resolving...more
10/10/2024
/ Artificial Intelligence ,
Corporate Counsel ,
Enforcement Actions ,
False Statements ,
Hospitals ,
Med Tech ,
Misleading Statements ,
PHI ,
Research and Development ,
Settlement ,
State Attorneys General ,
Unfair or Deceptive Trade Practices
In the past several weeks, the Minnesota governor has signed into law the Minnesota Consumer Data Privacy Act, while the Vermont Data Privacy Act has been passed by the legislature and awaits the governor’s signature. Both of...more
On May 16, 2024, the Illinois General Assembly joined the Illinois Senate in approving S.B. 2979, a bill that amends the state’s landmark Biometric Information Privacy Act (BIPA) by limiting plaintiffs’ potential damages...more
As we move closer to the end of many states’ legislative sessions, a number of comprehensive privacy law proposals continue to work their way through the legislative process. Since our last update, Nebraska became the...more
On April 2, the California Privacy Protection Agency (CPPA or “the Agency”) issued the Agency’s first-ever enforcement advisory. The advisory (“Applying Data Minimization to Consumer Requests”) reaffirms data minimization as...more
The opening weeks of spring have seen comprehensive privacy law proposals continue to progress in state legislatures across the country. Since our last update, the Kentucky Consumer Data Protection Act (HB 15) received a...more
One of the main risks that a company faces after a data breach is a potential lawsuit. Plaintiffs often will allege creative statutory and common law theories of harm after they learn that their personal information has been...more
3/15/2024
/ Article III ,
Corporate Counsel ,
Damages ,
Data Breach ,
Emotional Distress Damages ,
Future Harm ,
Hackers ,
Imminent Harm ,
Intent ,
Personal Information ,
Public Disclosure ,
Sensitive Personal Information ,
Standing ,
TransUnion
In the weeks since our last update, we have seen continued progress in several state legislatures on comprehensive privacy legislation. Most notably, legislative chambers in West Virginia, Kentucky, and Georgia have passed...more
This post is part of a series of articles we are doing on 2023 data protection litigation trends.
While the California Consumer Privacy Act (CCPA) is most known for its onerous privacy compliance obligations, the law also...more
3/4/2024
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Information ,
Private Right of Action ,
Right To Cure ,
Security and Privacy Controls ,
State Attorneys General ,
Statutory Damages ,
U-Haul ,
Wells Fargo
On Thursday, January 25, the Federal Trade Commission’s (FTC) Office of Technology hosted the FTC Tech Summit to discuss key developments in artificial intelligence (AI). The FTC brought together thought leaders from across...more
This post is part of a series of articles we are doing on 2023 data protection litigation trends.
Since its enactment in 2008, Illinois’s Biometric Information Privacy Act (BIPA) has produced a wave of privacy-related...more
2/1/2024
/ Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Compliance ,
Consent ,
Corporate Counsel ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Employment Litigation ,
Exemptions ,
Fingerprints ,
Health Care Providers ,
IL Supreme Court ,
PHI ,
Privacy Laws ,
Private Right of Action ,
State Privacy Laws ,
Statute of Limitations ,
Statutory Damages ,
Statutory Violations ,
Third-Party Liability
Following a busy 2023 in which seven states enacted comprehensive privacy laws, we entered this year expecting additional activity on this front across state legislatures. The opening weeks of 2024 have not disappointed. Most...more
On December 8, the California Privacy Protection Agency (CPPA or “the Agency”) held a public Board meeting to discuss a range of topics, including proposed regulations on cybersecurity audits, risk assessments, and automated...more
On November 16, the Federal Trade Commission (FTC) announced an enforcement action against Global Tel*Link Corporation and two of its subsidiaries (collectively, “GTL”), which provide communications and payment services to...more
12/8/2023
/ Breach Notification Rule ,
Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Misrepresentation ,
Payment Systems ,
Popular ,
Prison ,
Proposed Standards ,
Section 5 ,
Telecommunications ,
Unfair or Deceptive Trade Practices
On June 30, the Delaware legislature passed the Personal Data Privacy Act (“the Act”). The Act now moves to the Delaware Governor’s desk for consideration and, if signed into law, will make Delaware the seventh state this...more
7/11/2023
/ Advertising ,
Advertising to Minors ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Minors ,
Notice Requirements ,
Opt-Outs ,
Pending Legislation ,
Personal Data ,
Sensitive Personal Information ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices
As we move into the summer months, state comprehensive privacy law developments continue to steadily emerge. Most notably, in the weeks since our last update, the Texas legislature passed the Texas Data Privacy and Security...more
On May 31, the Federal Trade Commission (FTC or Commission) announced two separate enforcement actions against Amazon—one involving its cloud-based voice service, Alexa, and the other involving Ring, its smart doorbell...more
6/7/2023
/ ALEXA ,
Amazon ,
Artificial Intelligence ,
Biometric Information ,
Consumer Privacy Rights ,
COPPA ,
Corporate Counsel ,
Cybersecurity ,
Data Deletion ,
Data Privacy ,
Deceptive Intent ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Personal Data ,
Popular ,
Settlement ,
Unfair or Deceptive Trade Practices
On May 28, 2023, the Texas legislature reached an agreement (by conference committee) on the Texas Data Privacy and Security Act (the Act), setting the stage for Texas to become the tenth state with a comprehensive privacy...more