The FTC on Thursday announced its long-awaited update to children’s online privacy rules, which includes new opt-in consent requirements and data retention limits.

Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching on the title or by clicking on the hyperlinked reference number.

It's unclear how the U.S. Supreme Court will rule in a case involving a Texas law aimed at preventing minors from accessing adult websites, but a majority of the justices during oral argument Wednesday signaled their concern over minors’ access to obscene materials.

The California Privacy Protection Agency lacks authority to regulate AI, business groups protested during a partially virtual CPPA hearing Tuesday. They urged that the agency pump the breaks on proposed rules for automated decision-making technology (ADMT) and other changes to privacy regulations under the California Consumer Protection Act (CCPA). However, workers’ rights groups and consumer privacy organizations urged that it proceed with increasing privacy rules.

The House Commerce Committee is organizing a working group to determine a path forward on privacy legislation, Chairman Brett Guthrie, R-Ky., told us Tuesday.

Colorado will step in if the federal government pulls back on privacy enforcement under the second Trump administration, the state’s AG Phil Weiser (D) told Privacy Daily. In an interview, he said privacy will continue to be a priority for the state in 2025, with Weiser hoping to raise awareness with businesses and consumers about their duties and rights under the Colorado Privacy Act (CPA).

Privacy laws in the EU and at the state level in the U.S. serve as a basis for building an AI regulation regime, Morrison Foerster’s Marian Waldmann Agarwal and Marijn Storm said during a webinar about the intersection of privacy and AI last week. The partners discussed recent AI regulatory developments and their intersection with privacy obligations.

New-for-2025 comprehensive privacy bills appeared in Illinois and Oklahoma this week. In Illinois, state Sen. Sue Rezin's (R) proposed measure seems based on California’s law. The Oklahoma proposal, from Sen. Brent Howard (R), takes a Virginia-style approach. Privacy Daily is tracking comprehensive bills in at least five states.

The U.S. Supreme Court is set to hear oral arguments in a case about a Texas age-verification law aimed at preventing minors from accessing adult websites. However, in addition to First Amendment implications, the case could become much broader, centering on technology that verifies the ages of website visitors younger and older than 18 and whether that process infringes on their rights.

In what may be the first state enforcement action under a comprehensive privacy law, Texas Attorney General Ken Paxton (R) sued Allstate for the alleged unlawful collection, use and sale of the location data from Texans’ cellphones through software secretly embedded into mobile apps like Life360. Allstate and its subsidiary data analytics company Arity used the data to raise insurance rates, Paxton alleged at the Texas District Court of Montgomery County.