Alston & Bird Privacy, Cyber & Data Strategy Blog

Privacy Policy

Arkansas Enacts Children and Teens’ Online Privacy Protection Act

By and

On April 21, 2025, Arkansas Governor Sarah Huckabee Sanders signed into law the Arkansas Children and Teens’ Online Privacy Protection Act (Act), which will become effective on July 1, 2026. It draws inspiration from the federal Children and Teens’ Online Privacy Protection Act (COPPA 2.0) and provides stronger privacy protections for Arkansas residents under thirteen […]

To Delete or Not to Delete: Can 23andMe Really Sell Genetic Data Via Bankruptcy?

By , , , , and

On March 23, 2025, 23andMe Holding Co. (“23andMe”) filed for bankruptcy in the Eastern District of Missouri, potentially setting in motion the sale of genetic data collected from more than 15 million people.  This has led to news outlets and state Attorneys General encouraging consumers to delete their 23andMe data before it is sold as […]

New York Passes Health Privacy Law – Your Questions Answered

By , , and

The New York State legislature passed the Health Information Privacy Act (“NYHIPA”) on January 22, 2025, marking the second state to introduce a comprehensive consumer health data law. If passed, the NYHIPA imposes more stringent obligations on organizations that handle “regulated health information. (“RHI”).  You’ve got questions – we’ve got answers. How is “regulated health […]

Congress Seeks Comments on Comprehensive Federal Data Privacy Law

By , , and

Since the first comprehensive state data privacy law went into effect in California in 2020, 18 other states have enacted comprehensive data privacy laws, with 14 others currently moving through their respective state legislative process. The proliferation of such state laws is happening at a breakneck pace, and leaving in their wake regulated entities who […]

California Joins the Neural Data Bandwagon

By

On August 31, the California assembly passed SB1223, which amends the CCPA/CPRA to include “neural data” as a type of sensitive data.  SB1223, which is likely to become law, defines “neural data” as “information that is generated by measuring the activity of a consumer’s central or peripheral nervous system, and that is not inferred from […]