On March 30, 2026, California Governor Gavin Newsom signed Executive Order N-5-26 (the “Order”), aimed at governing the responsible procurement and deployment of Generative Artificial Intelligence (“GenAI”) across California’s state government. The Order builds on the foundation laid by Executive Order N-12-23, issued in September 2023, by directing a series of actions across multiple state […]
Privacy
Ninth Circuit Partially Lifts Injunction Against California Age-Appropriate Design Code Act
On March 12, 2026, the United Sates Court of Appeals for the Ninth Circuit (Ninth Circuit) partially vacated the preliminary injunction by the United States District Court for the Northern District of California (district court) that had blocked the enforcement of the California Age-Appropriate Design Code Act (CAADCA). Several key CAADCA provisions remain enjoined, but […]
CalPrivacy Seeks Input on Reducing Friction in Privacy Rights Experience and Challenges with Opt-Out Preference Signals
On March 6, 2026, the California Privacy Protection Agency (CalPrivacy) published an Invitation for Preliminary Comments seeking public input on whether regulatory changes are needed in two related areas under the California Consumer Privacy Act (CCPA): (1) reducing friction in exercising privacy rights ; and (2) the operation and use of opt-out preference signals (OOPS). […]
CalPrivacy Goes to the Board with Digital Advertising-Focused Enforcement
On February 27, 2026, the California Privacy Protection Agency (“CalPrivacy”) issued an order (the “Order”) requiring a sports-focused media and technology company (the “Company”) to pay a $1.10 million administrative fine for violations of the California Consumer Privacy Act (“CCPA”). The action continues California regulators’ scrutiny of how companies deploy cookies, software development kits and […]
New Jersey Expands HIPAA-Based Exemptions Under Its Comprehensive Privacy Law
On January 20, 2026, the New Jersey Governor signed Assembly Bill A5017 (“Amendment”), amending the New Jersey Data Protection Act (“NJDPA”). The Amendment exempts data that is not protected health information (“non-PHI”) from the NJDPA when it is handled by covered entities or business associates in accordance with the privacy and security requirements of the […]