Rep. Gus Bilirakis will reintroduce the Kids Online Safety Act (KOSA) “as soon as possible," the Florida Republican told us Thursday.
Companies deploying AI in ways that the EU AI Act has banned have until Feb. 2 to stop using them, but exactly how to do that remains unclear, privacy experts told us. The European Commission consulted with stakeholders in December on the practical aspects of compliance and plans to issue guidance ahead of the deadline, an EC spokesperson emailed.
The number of cases alleging violations of the 1988 Video Privacy Protection Act has risen in recent years and seems likely to continue to grow after an October decision by the 2nd U.S. Circuit Court of Appeals, privacy lawyers said in interviews. The VPPA was intended to protect the privacy of an individual’s video store rentals. However, in the past decade or so, its reach has widened to include streaming services, said Matthew Wolfe, a Shook Hardy privacy attorney.
A majority of the U.S. Supreme Court signaled on Friday it will likely uphold Congress’ TikTok divestment law because the company’s Beijing ties raise legitimate security concerns.
At the SEC's insistence, tech media and telecom (TMT) companies are increasingly warning investors and the public about cyberattack risks, as well as steps they're taking when incidents are discovered. The SEC began requiring that companies report on cybersecurity practices and incidents in 2023. And TMT companies’ cybersecurity disclosures in their 2024 10-K annual reports varied widely in depth and detail: TDS' totaled a little more than 300 words; Lumen's was more than 1,400.
Data protection authorities (DPAs) may not limit the number of complaints a person files during a certain period under the EU General Data Protection Regulation (GDPR) unless they find that person is abusing the process, the European Court of Justice held Thursday (Case C-416/23). DPAs seeking to rid themselves of complaints is an EU-wide issue, though this case arose in Austria, said Austrian privacy campaigner Max Schrems.
The second U.S. state privacy law could be updated this year. Virginia’s legislative session opened Wednesday with a bill by Del. Michelle Maldonado (D) that would add protections for teens, include support for universal opt-out mechanisms and revise other parts of the 2021 Virginia Consumer Data Protection Act. Maldonado's measure would also add an AI section called the "Artificial Intelligence Training Data Transparency Act,” which includes a private right of action.
New York State Assemblymember Alex Bores (D) plans to file legislation that regulates frontier AI models later this month, with concepts similar to a bill vetoed in California last year.
New York state legislators opened their 2025 session Wednesday, introducing comprehensive and healthcare-focused privacy bills, among other measures related to consumer data. Assemblymember Nily Rozic (D) offered the 2025 version of the New York Privacy Act. However, some of it is "not aligned with other comprehensive privacy laws,” which could make compliance a challenge for businesses, warned Hinshaw & Culbertson privacy attorney Cathy Mulrow-Peattie in an email Wednesday.
A reintroduced Connecticut AI bill aims to build on the state’s 2022 comprehensive privacy law, state Sen. James Maroney (D), the privacy law’s author, said in an interview. Maroney’s second attempt at establishing AI requirements will be a priority bill for majority Democrats in the Connecticut Senate next year, Maroney, Senate President Pro Tempore Martin Looney and Majority Leader Bob Duff said in a joint announcement last month.