SANTA CLARA, Calif. -- Carnegie Mellon is developing a framework for assessing the user-friendliness of websites' privacy notices and consent options, two professors said at the USENIX Privacy Engineering Practice and Respect (PEPR) conference Monday. While aimed at companies seeking to review their methods, the tool could be useful to privacy regulators as well, Carnegie Mellon CyLab Director Lorie Cranor told us.
The actual cost to a company from a privacy enforcement action could be many times higher than the regulator's fine, Clarip CEO Andy Sambandam said in an interview. Privacy has become a quickly rising concern for companies amid a growing number of privacy laws and state enforcement actions, he told Privacy Daily.
As the California Privacy Protection Agency ramps up enforcement, it will “telegraph” how it plans to enforce the state’s privacy law and will act in ways that aren’t far from what other states would do, CPPA Executive Director Tom Kemp said in a wide-ranging interview Wednesday with Privacy Daily. In addition, Kemp panned Congress’ proposed 10-year moratorium on state AI regulation while saying the agency is being careful about what aspects of AI may come under its jurisdiction.
Amendments to Connecticut’s privacy law passed the legislature on Tuesday as part of a different bill that included other subjects. Changes to the Connecticut Data Privacy Act would take effect July 1, 2026, if the bill is signed by Gov. Ned Lamont (D).
The California Assembly on Tuesday passed a bill aimed at protecting reproductive health privacy, including through a private right of action. The bill, which appropriators recently cleared (see 2505230062), now moves to the Senate.
Connecticut Sen. James Maroney (D) “will try AI again next year,” a spokesperson told us Wednesday. Maroney announced the demise of his bill, SB-2, Wednesday while riffing on reports that U.S. Rep. Marjorie Taylor Greene (R) opposes stopping states from regulating AI.
Consumer and labor groups condemned May 9 revisions to California Privacy Protection Agency (CPPA) draft rules on automated decision-making technology (ADMT) and other California Consumer Privacy Act (CCPA) issues. The changes “represent significant concessions by the Agency and its board to a campaign of industry pressure,” civil society groups said in comments at the agency this week.
New Jersey draft rules for implementing the state’s comprehensive privacy law appeared Monday in the New Jersey Register, as expected (see 2505280058). Comments are due Aug. 1, said the New Jersey Division of Consumer Affairs document (57 N.J.R. 1101(a)).
With few public details about states' privacy consortium, lawyers are questioning what the group's formation means for enforcement and fines in the future. April's announcement could be another sign that enforcement is increasing -- and more reason for companies to bolster compliance efforts, said multiple attorneys who work in privacy or commonly defend businesses facing state investigations.
Nebraska Gov. Jim Pillen (R) signed an age-appropriate design code (AADC) bill (LB-504) at a ceremony Friday. Pillen previously said he would “proudly” sign the measure once it passed the unicameral legislature 42-7 earlier this week (see 2505280066).