Expect the California attorney general’s office to support a bill requiring it to build internal expertise on AI once it sees “the money for it,” predicted California Sen. Jerry McNerney (D) during an Assembly Privacy Committee hearing Tuesday. The committee approved the measure to go to the Judiciary Committee by a 14-0 vote.
A California bill to set data-breach notification deadlines advanced to the Assembly Appropriations Committee on Tuesday. The chamber’s Judiciary Committee unanimously approved SB-446 as part of the consent calendar during a livestreamed meeting.
A California privacy enforcer’s first use of a purpose-limitation requirement under the California Consumer Privacy Act (CCPA) makes this week’s record $1.55 million settlement with Healthline a significant enforcement action for companies in many sectors, privacy experts told Privacy Daily this week. Also significant was the highly technical, in-depth investigation that the office of Attorney General Rob Bonta (D) conducted, they said. Signs point to increased privacy enforcement ahead.
Pleasing businesses, California lawmakers further scaled back a privacy bill requiring support for universal opt-out signals so it now covers only browsers. At a hearing Tuesday, the Senate Judiciary Committee voted 11-0 to advance AB-566 to the Appropriations Committee. In addition, the Judiciary Committee forwarded a bill that would require social media platforms to treat consumers deleting accounts as requests to delete their information under the California Consumer Privacy Act (CCPA). The panel also supported requiring warning labels on social media.
Utah should consider amending its comprehensive privacy law, given the underwhelming number of consumer privacy complaints filed in the statute’s first 18 months, said Attorney General Derek Brown (R) and the Utah Division of Consumer Protection in a report obtained Wednesday by Privacy Daily. “Complaints have not been as forthcoming as anticipated,” it said, but “violations are likely occurring.”
A controversial proposed change to the California Invasion of Privacy Act (CIPA) will be held until next year, said state Sen. Anna Caballero (D) during an Assembly Public Safety Committee hearing Tuesday. The committee advanced Caballero’s SB-690 to the Privacy Committee with the understanding that it will be delayed. A day earlier, the committee staff raised questions about whether SB-690 was designed to protect “mom-and-pop” businesses from frivolous lawsuits.
Healthline must pay California $1.55 million as part of a record proposed settlement under the California Consumer Privacy Act, Attorney General Rob Bonta (D) said Tuesday. It also includes a novel injunctive term prohibiting the company “from sharing article titles that reveal that a consumer may have already been diagnosed with a medical condition,” the attorney general's office said.
A comprehensive privacy law taking effect Tuesday in Tennessee may appear business-friendly compared with similar measures in other states, but privacy lawyers note that it also contains some of the highest penalties for noncompliance. Companies could avoid a Tennessee crackdown by taking advantage of a novel safe harbor in the law, Mintz’s Cynthia Larose told Privacy Daily.
Maine has joined a growing list of states in which comprehensive privacy bills stalled in 2025. However, Rep. Amy Kuhn (D), the Maine Judiciary Committee’s House chair, told Privacy Daily on Thursday that her LD-1822 will return in 2026.
California bills on surveillance and automated decision-making in the workplace are advancing despite continuing concerns from employers that use such technologies.