Alston & Bird Privacy, Cyber & Data Strategy Blog

Maki DePalo

Avatar photo

About Maki DePalo

Maki DePalo is a partner with Alston & Bird’s Privacy, Cyber & Data Strategy Team. She devotes her practice to clients' initiatives in technology and corporate transactions encompassing intellectual property licensing, strategic outsourcing, Internet-based marketing and advertising, data privacy and security, governance and compliance.

[Read Bio]

Texas Expands Data Broker Act Requirements

By and

On September 1, 2025, the amendments to the Texas Data Broker Act (the Act) became effective. The Act, which originally came into effect on September 1, 2023, defines “data brokers” as business entities that derive their principal source of revenue from collecting, processing, or transferring personal data that they did not collect directly from consumers. […]

Compliance Deadline for Colorado AI Act Delayed Until June 30, 2026

By and

On August 28, 2025, Colorado Governor Jared Polis signed Senate Bill 25B-004 (Bill) into law, extending the compliance deadline of the Colorado Artificial Intelligence Act (CAIA) from February 1, 2026, to June 30, 2026. The Bill does not alter the CAIA’s substantive requirements. But it remains uncertain whether the Colorado legislature will introduce further amendments […]

Arkansas Enacts Children and Teens’ Online Privacy Protection Act

By and

On April 21, 2025, Arkansas Governor Sarah Huckabee Sanders signed into law the Arkansas Children and Teens’ Online Privacy Protection Act (Act), which will become effective on July 1, 2026. It draws inspiration from the federal Children and Teens’ Online Privacy Protection Act (COPPA 2.0) and provides stronger privacy protections for Arkansas residents under thirteen […]

FTC Publishes Amendments to COPPA Rule

By and

On April 22, 2025, the Federal Trade Commission (FTC) published the finalized amendments (Amendments) to the Children’s Online Privacy Protection Rule (COPPA Rule) that would impose additional restrictions on website and online service operators that collect personal information from children under the age of thirteen. The Amendments will become effective on June 23, 2025.  Operators […]

Key Takeaways from CPPA’s Recent Settlement with an Automotive Manufacturer for Alleged CCPA Violations

By and

On March 12, 2025, the California Privacy Protection Agency (CPPA) published its decision approving a Stipulated Final Order (Order) against a major automotive manufacturer (company) for violations of the California Consumer Privacy Act (CCPA).  The Order requires the company to pay a $632,500 fine and implement several changes to its data handling practices. These changes […]