A private right of action survived a Washington House panel vote on a comprehensive privacy bill Friday. The state's House Technology Committee voted 7-4 on partisan lines to advance an amended HB-1671, with Republicans supplying the nays.
Perhaps New Mexico shouldn’t go beyond other states' privacy laws, legislators on the House Commerce Committee said during a livestreamed hearing Wednesday. However, an American Civil Liberties official encouraged New Mexico lawmakers to lead the way with HB-307, an opt-in privacy bill containing a private right of action, strict data minimization requirements and kids’ design code rules (see 2502060058).
A comprehensive Oklahoma privacy bill based on Virginia’s law cleared the Senate Technology Committee at a livestreamed hearing Thursday. The panel voted 7-0 to advance SB-546, which sponsor Sen. Brent Howard (R) described as “a little bit more business friendly” compared with other state laws.
Long-anticipated bills by Vermont state Rep. Monique Priestly (D) on comprehensive data privacy (H-208), an age-appropriate design code (H-210) and data broker deletion requirements (H-211) formally entered the legislature on Wednesday. The 2025 privacy bill “contains a number of adjustments that address concerns from stakeholders, including members of the business community, while maintaining the core consumer protections expected by Vermonters,” said an H-208 summary.
More companies could become subject to the Montana Consumer Data Privacy Act under changes contemplated by the original law’s sponsor. Senate Energy and Technology Chair Daniel Zolnikov (R) told Privacy Daily on Thursday he wants to slash the legislation’s applicability thresholds and tighten exemptions. Moreover, under a bill (SB-297) he filed earlier this week, Montana would also add child protections and cut in half the comprehensive privacy law’s 60-day right to cure.
A significant proposed edit to the Maryland privacy law’s data minimization rule would be “a huge boon to the companies that already exploit our data,” Eric Null, Center for Democracy and Technology (CDT) privacy & data project co-director, said Monday. However, Keir Lamont, Future of Privacy Forum (FPF) senior director-U.S. legislation, said the bill would bring clarity only for businesses that don’t handle sensitive data.
It’s up to social media companies, which make “trillions of dollars” a year, to determine how to effectively verify users’ ages and parental consent for minors, said Connecticut Attorney General William Tong (D) on Monday. Tong urged legislators to pass a kids’ social media bill (HB-6857) at a livestreamed Connecticut General Law Committee hearing. Tech industry groups condemned the proposal in statements.
The 9th U.S. Circuit Court of Appeals should direct a lower court to enjoin California’s 2024 law (SB-976) restricting social media feeds for minors, consumer privacy advocates and free-market groups said in amicus briefs filed Thursday (case 25-146). As it urged the appeals court to reverse the U.S. District Court for Northern California, the Center for Democracy and Technology (CDT) raised privacy concerns about requiring companies to conduct age verification.
AI is an increasing part of privacy compliance jobs, practitioners said at Privado’s Bridge Summit web conference Thursday. Data protection officers (DPOs) are weighing ethics for AI usage across the business, while privacy engineers are mulling how they themselves might use large language models (LLMs) to automate compliance processes, they said.
States may take the lead on enforcement during the second Trump administration, privacy professionals said during a panel Wednesday at Privado’s Bridge Summit. Regulators, so far, seem most focused on protecting location, health and kids’ data, as well as overseeing data broker registrations, they added.