Public Comments Accepted Until November 7

On September 13, 2024, the Colorado Attorney General’s office (the Colorado Department of Law) proposed draft amendments (draft regulations) to its Colorado Privacy Act (CPA) regulations, which took effect

Continue Reading Colorado Department of Law Proposes Amendments to the Colorado Privacy Act Regulations Regarding Biometric and Minors’ Data

On August 14, 2024, the Federal Trade Commission (FTC) issued a final rule that prohibits publishing or trading in fake or misleading consumer reviews and testimonials, or engaging in other related deceptive promotional tactics. Notably, under the FTC’s new rule, the commission will be authorized to seek civil penalties against violators.Continue Reading FTC Issues Final Rule Banning Fake and Misleading Consumer Reviews and Testimonials

In the first half of 2024, seven new states—Kentucky, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey, and Rhode Island—all enacted their takes on comprehensive privacy laws, bringing the total number of states with such laws

Continue Reading Seven New States Join Patchwork of U.S. Comprehensive Privacy Laws: Top 10 Trends from the First Half of 2024

In a decision with far-ranging implications for federal administrative law, the United States Supreme Court issued its long-awaited ruling in Loper Bright Enterprises v. Raimondo (Loper Bright).1 The Supreme Court’s six-Justice majority held that the Administrative Procedure Act (APA) requires courts interpreting agency regulations to determine independently whether the agencies have acted within their statutory authority, even where the statute at issue is ambiguous. In so holding, the Court overruled its 1984 decision in Chevron USA v. Natural Resources Defense Council, which for the last four decades had governed thousands of cases involving federal agency interpretations of ambiguous laws.Continue Reading “Chevron is overruled”: How Loper Bright Will Change the Regulatory Law Landscape

On June 7, 2023, the New York legislature passed the Stop Addictive Feeds Exploitation (SAFE) for Kids Act (SAFE Act or the Act) and the New York Child Data Protection Act (CDPA), both aimed at protecting children online. The SAFE Act prohibits covered social media companies from providing individuals under 18 (minors) with “addictive feeds” (as defined in the SAFE Act) and overnight notifications, absent parental consent. The CDPA is intended to complement the SAFE Act by limiting the extent to which providers of internet websites, online and mobile applications, and connected devices (service) can collect, use, share, and sell minors’ personal data. If signed into law by Governor Hochul, the SAFE Act and CDPA would create new, onerous requirements for entities doing business in New York. The key provisions of each act are highlighted below.Continue Reading New York Legislature Passes a Pair of Bills to Protect Children’s Privacy Online

On May 17, 2024, Governor Jared Polis signed the Colorado Artificial Intelligence Act (SB 24-205) (CAIA), regulating the development, deployment, and use of artificial intelligence (AI) systems. Colorado is the first state to enact comprehensive AI legislation. The law becomes effective February 1, 2026.Continue Reading Colorado Passes First-in-Nation Artificial Intelligence Act

On April 26, 2024, the Federal Trade Commission (FTC) announced a Final Rule that amends the Health Breach Notification Rule (HBNR or Rule) to significantly broaden the FTC’s enforcement power in the area of digital health. Under the Final Rule, many developers of everyday health and wellness apps (Developers) will now constitute “health care providers” subject to the HBNR. The consequences of failing to comply with the HBNR could be steep—failure to comply with the Rule could subject a company to civil penalties of $51,744 per violation. Below, we provide a summary of the Final Rule and highlight some of the key challenges it presents.Continue Reading FTC Final Rule Officially Broadens Health Breach Notification Rule, Targets Health and Wellness Apps