New York state legislators opened their 2025 session Wednesday, introducing comprehensive and healthcare-focused privacy bills, among other measures related to consumer data. Assemblymember Nily Rozic (D) offered the 2025 version of the New York Privacy Act. However, some of it is "not aligned with other comprehensive privacy laws,” which could make compliance a challenge for businesses, warned Hinshaw & Culbertson privacy attorney Cathy Mulrow-Peattie in an email Wednesday.

A reintroduced Connecticut AI bill aims to build on the state’s 2022 comprehensive privacy law, state Sen. James Maroney (D), the privacy law’s author, said in an interview. Maroney’s second attempt at establishing AI requirements will be a priority bill for majority Democrats in the Connecticut Senate next year, Maroney, Senate President Pro Tempore Martin Looney and Majority Leader Bob Duff said in a joint announcement last month.

In what one privacy expert called a "dam-bursting moment," the European Court of Justice's General Court Wednesday ordered the European Commission (EC) to pay $412 (400 euros) to a German visitor to one of its websites because the site unlawfully transferred his personal data to the U.S. (Case T-354/22/ Bindl v. Commission). The EC said it would "carefully study" the judgment and its implications.

A comprehensive New York bill to regulate AI surfaced ahead of the state’s legislative session that opens Wednesday. The Assembly referred A-768 by Assemblymember Alex Bores (D) to the Consumer Affairs and Protection Committee.

Businesses must make incremental changes to comply with five state privacy laws effective this month, privacy experts said in interviews. Comprehensive laws took effect Jan. 1 in Delaware, Iowa, Nebraska and New Hampshire. A New Jersey law becomes effective Jan. 15, with that state’s attorney general office’s consumer affairs division soon expected to open a rulemaking.

Congress and the Trump administration should consider X platform owner Elon Musk’s unconventional ideas, including possibly shuttering the Consumer Financial Protection Bureau, Senate Republicans told us in December.

A U.S. District Court of Northern California ruling last week in NetChoice v. Bonta, which involved a law regulating addictive social media feeds for minors, will likely hold up and pave the way for approval of similar state laws, supporters of such laws said. The 9th U.S. Circuit Court of Appeals is set to consider an appeal of the Dec. 31 decision rejecting NetChoice's motion to stop the law from taking effect the next day.

Better international enforcement cooperation, AI and data free flow with trust (DFFT) are 2025's top priorities for Group of 7 (G7) data protection authorities, several told us. Their October roundtable in Rome focused on those three topics, the European Data Protection Supervisor (EDPS) reported. Representatives from Canada, France, Germany, Japan, the U.K., the U.S., the EDPS and the European Data Protection Board participated.

New Republican leadership for the House and Senate Commerce committees could mean a full reset for federal privacy legislation in 2025. That’s according to interviews with incoming Senate Commerce Committee Chairman Ted Cruz, R-Texas, and incoming House Commerce Committee Chairman Brett Guthrie, R-Ky.

Vermont and Washington state will soon introduce comprehensive privacy bills, while Connecticut will have a bill that would add data minimization rules and make other changes to its 2022 law, legislators told Privacy Daily ahead of sessions starting this month. Also, legislators in Oklahoma and South Carolina prefiled bills last month for the 2025 legislative sessions. Additional privacy bills are expected this year in several other states, said privacy lawyers and consumer advocates in other interviews.