The Virginia Senate passed a reproductive health data privacy bill on Friday. Then on Monday, the Virginia House Communications Committee advanced multiple AI and privacy bills. However, legislation that would add a private right of action and make other changes in Virginia’s comprehensive privacy law appeared to stall in a subcommittee.
"A strong data privacy bill must include a private right of action to allow … individuals to bring a lawsuit when they suffer actual damages,” Vermont Attorney General Charity Clark (D) said Monday. At a livestreamed press conference, Clark supported state Rep. Monique Priestley (D) in reintroducing a privacy bill that Gov. Phil Scott (R) vetoed last year. Priestley said the 2025 bill will also include data minimization rules, despite business concerns stemming from Maryland’s law, which includes such requirements.
A new privacy protocol aims at getting consumers quicker responses from businesses when they seek to exercise their data rights under a growing body of state laws. Consumer Reports and a group of privacy compliance companies will release the Data Rights Protocol (DRP) on Tuesday after nearly four years of development, CR told Privacy Daily. OneTrust, Transcend, Yorba and CR’s Permission Slip announced that they added DRP to their systems and are working to move it to production.
Montana legislators mulled two privacy bills from the author of the state’s 2023 comprehensive law during hearings Thursday. At one livestreamed session, Montana Sen. Daniel Zolnikov (R) urged the Senate Energy and Telecom Committee to clear a fix of another data bill from that year, the Genetic Information Privacy Act. Later, during an Education Committee hearing, the state senator urged support for a bill that gives students “the right to be forgotten.”
New York Senate Internet Committee Chair Kristen Gonzalez (D) Thursday reintroduced the New York Privacy Act (S-3044) that Sen. Kevin Thomas (D) proposed last year. Thomas departed the legislature at the end of 2024.
A federal district court judge seemed skeptical of several tech industry arguments against California’s 2022 Age-Appropriate Design Code Act at oral argument Thursday. However, U.S. District Court for the Northern District of California Judge Beth Freeman also asked if she should wait for the U.S. Supreme Court to possibly rule on age-verification mandates in Free Speech Coalition v. Paxton.
New York state health data privacy legislation could soon hit the governor’s desk after the Assembly and Senate quickly passed bills this week. Despite Republican opposition on the Assembly floor Wednesday, members voted 95-41 to pass S-929, the Senate version that was substituted forA-2141. The effectively same bills have been compared to Washington state’s My Health My Data law. The Senate passed S-929 on Tuesday after bypassing its committee process (see 2501210068). Republicans and the Computer & Communications Industry Association (CCIA) raised concerns with the legislation, which is supported by the American Civil Liberties Union (ACLU).
The New York Senate voted 49-10 Tuesday to approve a sweeping health privacy bill (S-929) similar to Washington state’s My Health My Data law.
The early weeks of January have brought a blizzard of state bills focused on protecting kids online, including requiring age verification on porn and social media websites. Some industry groups have long raised privacy concerns with such mandates, arguing they could require that users submit sensitive information confirming their age or parental status to consent to a child’s access.
State privacy officials in Delaware and New Hampshire aren’t intentionally looking to catch businesses breaking rules, they told an International Association of Privacy Professionals webinar Wednesday. Both states’ privacy laws took effect Jan. 1 (see 2501060066).