Utah Governor Spencer J. Cox signed three state AI bills into law that took effect May 7, 2025. These laws require businesses to make “you’re talking to a bot” disclosures and comply with privacy requirements when using AI in connection with consumer transactions, mental health chatbots, and certain content used for advertising, fundraising or endorsements. […]
Privacy
CPPA Issues Revised Draft CCPA Regulations; Votes to Initiate Public Comment Period
On May 1, 2025, the California Privacy Protection Agency (“CPPA”) Board convened to discuss revisions to the California Consumer Privacy Act (“CCPA”) draft regulations on cybersecurity audits, risk assessments, automatic decisionmaking technology (“ADMT”), insurance, and updates to the existing CCPA regulations. The revisions were informed by comments received by the CPPA during the formal public […]
Arkansas Enacts Children and Teens’ Online Privacy Protection Act
On April 21, 2025, Arkansas Governor Sarah Huckabee Sanders signed into law the Arkansas Children and Teens’ Online Privacy Protection Act (Act), which will become effective on July 1, 2026. It draws inspiration from the federal Children and Teens’ Online Privacy Protection Act (COPPA 2.0) and provides stronger privacy protections for Arkansas residents under thirteen […]
Ninth Circuit Addresses Personal Jurisdiction Based on E-Commerce Data Collection in En Banc Decision
A recent decision by the Ninth Circuit Court of Appeals in Briskin v. Shopify, Inc., No. 22-15815, could impact the scope of personal jurisdiction over e-commerce and other entities that utilize cookies to collect personal information from visitors to the entities’ websites, particularly in California. Although the impact of the case remains to be seen, […]
FTC Publishes Amendments to COPPA Rule
On April 22, 2025, the Federal Trade Commission (FTC) published the finalized amendments (Amendments) to the Children’s Online Privacy Protection Rule (COPPA Rule) that would impose additional restrictions on website and online service operators that collect personal information from children under the age of thirteen. The Amendments will become effective on June 23, 2025. Operators […]