California’s legislature has once again taken center stage in the national privacy conversation, passing a flurry of privacy bills during a marathon session that stretched into the night of September 12. 

On August 25, 2025, the Federal Trade Commission filed a complaint against Air AI, alleging the company and its owners made overblown claims about the availability and capabilities of its artificial intelligence (AI) tools to replace human sales representatives, as well as deceptive claims about the busi

After years of drafting, discussions, and debates, the California Privacy Protection Agency (CPPA) Board reached a significant milestone in its efforts to bring to fruition regulations that have been in discussion by the CPPA Board for several years. 

With 2025 more than half over and many state legislatures adjourned for the year, we look back at significant legislative developments concerning state comprehensive consumer privacy laws. 

The Connecticut Governor signed SB 1295 into law on June 25, 2025, again amending the Connecticut Data Privacy Act (CTDPA). 

The comprehensive consumer privacy laws of Minnesota and Tennessee have recently taken effect, with the Minnesota Consumer Data Privacy Act (MCDPA) operative as of July 31, 2025, and the Tennessee Information

As the 2025 summer heat continues and as state privacy laws continue to mature, enforcement actions are beginning to shape the compliance landscape for businesses nationwide—from the coast of California to the shores of Connecticut. 

On June 27, 2025, the United States Supreme Court weighed in on the ongoing debate about age verification requirements for websites, holding that it is constitutional for a state to require websites that have a significant portion of adult content to implement commercial age verification systems. 

Roughly six months since Andrew Ferguson became Chairman of the Federal Trade Commission, an FTC workshop on children’s privacy and online safety has provided a glimpse into the agency’s approach to these issues.

On June 2, 2025, the New Jersey Office of Consumer Protection announced proposed rules for New Jersey’s comprehensive consumer privacy law, the New Jersey D

In May 2025, Montana enacted Senate Bill 163 (SB 163), amending that state’s Genetic Information Privacy Act (MGIPA) to include protections for neurotechnology data—namely, data collected from the activity of the central or peripheral nervous system.

Can a communications provider be held liable when it reports to the National Center for Missing and Exploited Children (NCMEC) an image the provider believes to be child sexual abuse material based on signals provided by NCMEC? 

Last week, the Second Circuit, in Solomon v. Flipps Media, Inc., joined the Third and Ninth Circuits in holding that “personally identifiable information” (PII) under the Video Privacy Protection Act (VPPA) is limited to information that would enable an ordinary person, without specialized knowledge or tools, to identify a consumer’s video-viewing history.