As the California Privacy Protection Agency ramps up enforcement, it will “telegraph” how it plans to enforce the state’s privacy law and will act in ways that aren’t far from what other states would do, CPPA Executive Director Tom Kemp said in a wide-ranging interview Wednesday with Privacy Daily. In addition, Kemp panned Congress’ proposed 10-year moratorium on state AI regulation while saying the agency is being careful about what aspects of AI may come under its jurisdiction.
Amendments to Connecticut’s privacy law passed the legislature on Tuesday as part of a different bill that included other subjects. Changes to the Connecticut Data Privacy Act would take effect July 1, 2026, if the bill is signed by Gov. Ned Lamont (D).
The California Assembly on Tuesday passed a bill aimed at protecting reproductive health privacy, including through a private right of action. The bill, which appropriators recently cleared (see 2505230062), now moves to the Senate.
Connecticut Sen. James Maroney (D) “will try AI again next year,” a spokesperson told us Wednesday. Maroney announced the demise of his bill, SB-2, Wednesday while riffing on reports that U.S. Rep. Marjorie Taylor Greene (R) opposes stopping states from regulating AI.
Consumer and labor groups condemned May 9 revisions to California Privacy Protection Agency (CPPA) draft rules on automated decision-making technology (ADMT) and other California Consumer Privacy Act (CCPA) issues. The changes “represent significant concessions by the Agency and its board to a campaign of industry pressure,” civil society groups said in comments at the agency this week.
New Jersey draft rules for implementing the state’s comprehensive privacy law appeared Monday in the New Jersey Register, as expected (see 2505280058). Comments are due Aug. 1, said the New Jersey Division of Consumer Affairs document (57 N.J.R. 1101(a)).
With few public details about states' privacy consortium, lawyers are questioning what the group's formation means for enforcement and fines in the future. April's announcement could be another sign that enforcement is increasing -- and more reason for companies to bolster compliance efforts, said multiple attorneys who work in privacy or commonly defend businesses facing state investigations.
Nebraska Gov. Jim Pillen (R) signed an age-appropriate design code (AADC) bill (LB-504) at a ceremony Friday. Pillen previously said he would “proudly” sign the measure once it passed the unicameral legislature 42-7 earlier this week (see 2505280066).
The Vermont legislature passed an age-appropriate design code (AADC) bill Thursday, becoming the second state this week to approve such a measure. Vermont senators voted unanimously by voice to concur with House changes and repass S-69, which would require companies to set maximum privacy settings by default for children. Later that day, the House finally passed the bill by concurring with a minor technical amendment related to the wording of the effective date.
Vermont’s comprehensive privacy bill won’t pass the legislature in 2025, the second year in a row that sweeping legislation by Rep. Monique Priestley (D) has failed to become law. At a livestreamed House Commerce Committee meeting Wednesday, Priestley said legislators “ran out of time” to finish the bill this session, particularly with more pressing housing and education measure before the legislature. However, to tee up summer talks about privacy, Priestley said she plans to post an amendment restoring the Senate bill to the original House version, with some changes.