A controversial proposed change to the California Invasion of Privacy Act (CIPA) will be held until next year, said state Sen. Anna Caballero (D) during an Assembly Public Safety Committee hearing Tuesday. The committee advanced Caballero’s SB-690 to the Privacy Committee with the understanding that it will be delayed. A day earlier, the committee staff raised questions about whether SB-690 was designed to protect “mom-and-pop” businesses from frivolous lawsuits.
Healthline must pay California $1.55 million as part of a record proposed settlement under the California Consumer Privacy Act, Attorney General Rob Bonta (D) said Tuesday. It also includes a novel injunctive term prohibiting the company “from sharing article titles that reveal that a consumer may have already been diagnosed with a medical condition,” the attorney general's office said.
A comprehensive privacy law taking effect Tuesday in Tennessee may appear business-friendly compared with similar measures in other states, but privacy lawyers note that it also contains some of the highest penalties for noncompliance. Companies could avoid a Tennessee crackdown by taking advantage of a novel safe harbor in the law, Mintz’s Cynthia Larose told Privacy Daily.
Maine has joined a growing list of states in which comprehensive privacy bills stalled in 2025. However, Rep. Amy Kuhn (D), the Maine Judiciary Committee’s House chair, told Privacy Daily on Thursday that her LD-1822 will return in 2026.
California bills on surveillance and automated decision-making in the workplace are advancing despite continuing concerns from employers that use such technologies.
Connecticut will amend its privacy law again with what some lawyers say are significant changes. Gov. Ned Lamont (D) on Wednesday signed an omnibus (SB-1295) that contained the language of a bill (SB-1356) by Sen. James Maroney (D) updating the state’s 2022 privacy law (see 2506050004). Changes to the Connecticut Data Privacy Act (CTDPA) will take effect July 1, 2026.
A California bill seeking to limit “surveillance pricing” cleared a key committee at a hearing Tuesday afternoon. The Assembly Privacy Committee voted 10-4 for SB-259, with Republicans opposing. In addition, the committee cleared bills about data brokers and breaches as part of a unanimous vote on a consent agenda. All the bills previously passed in the Senate.
Understanding “data flows” and “who has access" are the most important steps in making a good-faith effort to comply with the DOJ’s bulk data transfer rule before a three-month grace period ends, said privacy attorney Nancy Libin during a Davis Wright webinar Tuesday. DOJ will begin full enforcement July 8 (see 2504140047).
Texas Gov. Greg Abbott (R) has signed two AI bills, including the much-watched Texas Responsible AI Governance Act (TRAIGA).
Businesses should be aware of unusual requirements in New Jersey draft rules for implementing the state’s comprehensive privacy law, several law firms warned in blog posts this month.