The FTC’s recent children’s privacy claims against Disney and Apitor suggest companies should carefully scrutinize third-party vendors and software development kits (SDKs), privacy experts told us in recent interviews. The focus on children’s privacy suggests Chairman Andrew Ferguson and Republican commissioner are following through on this administration’s promises to protect children, they said.

The California legislature passed two laws about artificial intelligence and automated decision systems on Friday, the last day for legislators to pass bills. In addition, it approved a measure on age-verification signals. Gov. Gavin Newsom (D) has until Oct. 12 to sign or veto the bills.

Regulating AI should center on limiting the technology's potential risks, labor representatives and other advocates said during a session of the Massachusetts Joint Committee on Advanced Information Technology, the Internet and Cybersecurity. At a hearing Thursday, they said their goal includes protecting state residents from AI's possible harms while also letting them reap its benefits.

Many industries are sounding the alarm over proposed rules to implement the New Jersey Data Privacy Act. In comments submitted by the Sept. 2 deadline, industry officials said a draft by the attorney general’s Division of Consumer Affairs is too burdensome and exceeds what’s allowed under the NJDPA and other laws. On the flip side, several consumer privacy advocates suggested that the state legislature should overhaul the law itself to make it far stricter.

The growing use of voice recognition technologies in the public and private sectors is prompting data protection and regulatory concerns, an advisory body, the U.K. Biometrics & Forensics Ethics Group (BFEG), and a privacy consultant said.

Colorado is right to craft a knowledge standard to hold companies accountable for willfully ignoring user age in its draft kids privacy rules, consumer groups said in comments due Sept. 5 (see 2509100045).

The California legislature passed a bill Thursday to require web browser support for universal opt-out preference signals (OOPS). Also, at our deadline, a California bill adding requirements for data brokers had enough votes to pass the legislature, though the tally wasn’t final. On Wednesday, the state legislature also passed a bill on social media account cancellations.

While there are state and federal protections for sensitive data, a comprehensive privacy framework at the federal level is needed to ensure all modes of data sharing are transparent, legal and regulated, panelists said Wednesday. They spoke during a Center for Democracy and Technology (CDT) webinar about the federal government’s recent attempts to access state data.

NetChoice raised constitutional concerns Wednesday with Colorado's draft kids privacy regulations. Known for suing states over age-verification laws, the trade group and three other industry associations testified virtually at a Colorado Department of Law hearing on the same day as a deadline for written comments. “These rules will not survive a legal challenge,” said Patrick Hedger, NetChoice's policy director.

The U.S. Court of Appeals for the 2nd Circuit on Wednesday upheld a $46.9 million fine against Verizon for violating FCC data rules in a decision that could trigger the U.S. Supreme Court to take the case, given the current split in the circuits (see 2509100019). In August, the D.C. Circuit upheld a similar fine against T-Mobile (see 2508150044), while the 5th Circuit earlier rejected a fine imposed on AT&T (see 2504180001).