US State Law

California Attorney General Delays Enforcement of CAADCA Amidst Legal Challenge

March 6, 2025 By Maki DePalo and Hyun Jai Oh

On March 4, 2025, the California Attorney General (AG) announced a further delay in the enforcement of the California Age-Appropriate Design Code Act (CAADCA) until April 5, 2025. Initially operative on July 1, 2024, CAADCA’s enforcement had already been postponed to March 6, 2025, due to a trade association’s challenge to the statute’s validity. This […]

Virginia Legislature Passes Second US AI Governance Act behind Colorado: Comparing the AI Acts

March 4, 2025 By Alex Brown, Jennifer Everett, Daniel Felz, Ashley Miller and Dorian Simmons

On February 20, 2025, the Virginia legislature passed the High-Risk Artificial Intelligence Developer and Deployer Act (House Bill 2094, the “VA AI Act”) that mandates developers and deployers of high-risk artificial intelligence systems (“HRAI systems”) to adhere to specific governance requirements. The VA AI Act will come into effect on July 1, 2026 (if Virginia […]

Congress Seeks Comments on Comprehensive Federal Data Privacy Law

February 25, 2025 By Jennifer Pike, Jennifer Everett, Kate Hanniford and Evan Collier

Since the first comprehensive state data privacy law went into effect in California in 2020, 18 other states have enacted comprehensive data privacy laws, with 14 others currently moving through their respective state legislative process. The proliferation of such state laws is happening at a breakneck pace, and leaving in their wake regulated entities who […]

New York AG Seeks Comments on Rulemaking for Minors’ Online Protection Laws

August 12, 2024 By Maki DePalo, Dorian Simmons and Hyun Jai Oh

On August 1, 2024, New York Attorney General (“AG”) Letitia James issued two advanced notices of proposed rulemaking (“ANPRs”) for the Stop Addictive Feeds Exploitation (SAFE) for Kids Act (the “SAFE Act”) and the Child Data Protection Act (the “CDPA”), both of which New York Governor Kathy Hochul signed into law on June 20, 2024. […]

CPPA Holds Preliminary Stakeholder Session on Accessible Deletion Mechanism under Delete Act

July 24, 2024 By John Lesko

On June 26, 2024, the California Privacy Protection Agency (the “CPPA”) held a stakeholder session to provide information and gather stakeholder input on the CPPA’s mandate to build an accessible deletion mechanism known as the Delete Request and Opt-Out Platform (“DROP”) as required by the California Delete Act. DROP will allow consumers to request the […]