Pursuing data security claims against companies was "top-of-mind" for state attorneys general in 2024 and this will probably continue through the year, Morrison Foerster partners Linda Clark and Kathryn Taylor blogged Friday.
Massachusetts state Rep. Tricia Farley-Bouvier (D) filed a comprehensive privacy bill based on a model bill (see 2501070081) by Consumer Reports and the Electronic Privacy Information Center, said CR on Thursday.
The FTC on Thursday announced its long-awaited update to children’s online privacy rules, which includes new opt-in consent requirements and data retention limits.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching on the title or by clicking on the hyperlinked reference number.
Colorado will step in if the federal government pulls back on privacy enforcement under the second Trump administration, the state’s AG Phil Weiser (D) told Privacy Daily. In an interview, he said privacy will continue to be a priority for the state in 2025, with Weiser hoping to raise awareness with businesses and consumers about their duties and rights under the Colorado Privacy Act (CPA).
New-for-2025 comprehensive privacy bills appeared in Illinois and Oklahoma this week. In Illinois, state Sen. Sue Rezin's (R) proposed measure seems based on California’s law. The Oklahoma proposal, from Sen. Brent Howard (R), takes a Virginia-style approach. Privacy Daily is tracking comprehensive bills in at least five states.
Many companies are moving toward a national approach to privacy compliance to account for the growing patchwork of state laws, Wiley attorneys said in a blog post Thursday.
Transport companies lack legitimate interest under the EU General Data Protection Regulation (GDPR) in requiring customers to indicate their title before purchasing train tickets, the European Court of Justice (ECJ) held in a preliminary ruling Thursday.
Consumer advocates want to build a coalition behind a model state privacy bill that adds protections beyond current state laws, said Electronic Privacy Information Center (EPIC) and Consumer Reports (CR) officials in a Monday column in TechPolicy.press. The groups’ model, unveiled in September, is based on Connecticut's law, with additions including a private right of action, tightened data minimization requirements and increased protections for children and sensitive data. “EPIC and Consumer Reports hope to use the model bill to build on last session’s momentum and support lawmakers seeking strong privacy protections for their constituents,” wrote EPIC Deputy Director Caitriona Fitzgerald and CR Policy Analyst Matt Schwartz. “We are actively seeking new partners to join our coalition -- both organizations and constituents fed up with the status quo.” A forthcoming Washington state privacy bill will be based on the EPIC/CR model (see 2412300043).
Businesses must make incremental changes to comply with five state privacy laws effective this month, privacy experts said in interviews. Comprehensive laws took effect Jan. 1 in Delaware, Iowa, Nebraska and New Hampshire. A New Jersey law becomes effective Jan. 15, with that state’s attorney general office’s consumer affairs division soon expected to open a rulemaking.