New York Assemblymember Alex Bores (D) expects his AI safety bill, the Responsible AI Safety and Education (RAISE) Act, could be revised through the chapter-amendment process, the legislator told Privacy Daily on Wednesday. “We’re open to amendments that … strengthen or clarify the bill.”
The California Consumer Privacy Act (CCPA) is “like a big Lego block” to which state legislators “are constantly adding … Lego pieces,” said Tom Kemp, executive director of the California Privacy Protection Agency, during an IAPP webinar Tuesday. The California Privacy Rights Act, which amended the CCPA, prohibits reducing Californians’ privacy rights, he noted.
Businesses should map their automated decision-making technology (ADMT), review and revise privacy policies, plan for cybersecurity audits and review vendor contracts in response to California Privacy Protection Agency rules adopted July 24, some privacy law practices advised in recent client alerts. The rules are expected to be finalized without changes shortly.
Minnesota's comprehensive privacy law that took effect Thursday uniquely requires companies to allow consumers to question their automated decisions. The law also includes uncommon requirements about material changes to privacy polices and giving lists of third parties to consumers. While companies will also for the first time face requirements such as having to conduct data inventories and appoint chief privacy officers, many of the law's stipulations are already best practices, privacy lawyers told us.
President Donald Trump’s possible health-tracking system with Big Tech companies should increase the urgency for New York Gov. Kathy Hochul (D) to sign a health data privacy bill that passed the state legislature months ago, Assemblymember Linda Rosenthal (D) said in a Wednesday interview with Privacy Daily: “I will bring it to” the governor's office’s “attention today.”
Colorado plans to forgo a mandate that companies verify users' ages in a rulemaking that updates the state’s comprehensive privacy law. But when enforcing kids privacy restrictions, the state's attorney general could consider companies’ use of age-estimation technologies, said draft rules released Tuesday.
Wisconsin Rep. Shannon Zimmerman (R) aims to fast-track comprehensive privacy legislation when state legislators return from summer recess, he said in an interview last week with Privacy Daily. The lawmaker is hopeful that he will find bipartisan support and that the bill will pass in 2025 after it hit roadblocks in prior legislative sessions, he said.
Businesses should start thinking now about complying with new data-protection regulations approved Thursday by the California Privacy Protection Agency (CPPA), privacy attorneys said immediately afterward in blogs and LinkedIn posts. While consumer privacy advocates slammed the rules as weak, one acknowledged they still give California a lead over other U.S. states.
The California Privacy Protection Agency will soon take 15 days of comments on revised draft rules for implementing a data-deletion mechanism under the California Delete Act, the five-person CPPA board decided unanimously during a partially virtual meeting Thursday. The agency expects to extensively test the system to work out any kinks before data brokers start accessing it in August 2026, said General Counsel Philip Laird.
The California Privacy Protection Agency approved rules on automated decision-making technology (ADMT) and other subjects at a partially virtual meeting Thursday. CPPA Board members voted 5-0 to clear the rulemaking package, which also covers risk assessments, cybersecurity audits, insurance and updates to California Consumer Privacy Act (CCPA) regulations.