Mississippi Gov. Tate Reeves (R) signed an AI executive order Wednesday that directs the state’s IT department to “conduct an inventory of all AI technologies being planned, piloted, acquired, developed, and/or utilized by each state agency.” Also, the department should “evaluate the processes, guidelines (including procurement) and/or uses of AI currently in place at each state agency,” it said. Moreover, the order directs the department to develop policy recommendations for state agencies to responsibly use AI and to work with the public and private sector on best practices.
Legislation that would establish state-enforced civil penalties for AI-related violations was prefiled in Washington and Virginia this week.
New York state legislators opened their 2025 session Wednesday, introducing comprehensive and healthcare-focused privacy bills, among other measures related to consumer data. Assemblymember Nily Rozic (D) offered the 2025 version of the New York Privacy Act. However, some of it is "not aligned with other comprehensive privacy laws,” which could make compliance a challenge for businesses, warned Hinshaw & Culbertson privacy attorney Cathy Mulrow-Peattie in an email Wednesday.
A reintroduced Connecticut AI bill aims to build on the state’s 2022 comprehensive privacy law, state Sen. James Maroney (D), the privacy law’s author, said in an interview. Maroney’s second attempt at establishing AI requirements will be a priority bill for majority Democrats in the Connecticut Senate next year, Maroney, Senate President Pro Tempore Martin Looney and Majority Leader Bob Duff said in a joint announcement last month.
The Danish Data Protection Authority plans to focus on child protection, real-life digital tracking and data subjects' right to erasure this year, it announced, according to an unofficial translation. Other priorities include generative AI and healthcare, and processing personal data in pan-European information systems. The authority noted it could also bring own-initiative cases based on complaints and other input.
A comprehensive New York bill to regulate AI surfaced ahead of the state’s legislative session that opens Wednesday. The Assembly referred A-768 by Assemblymember Alex Bores (D) to the Consumer Affairs and Protection Committee.
Generative AI's sustainability and success are critically dependent on information governance, said Jim Merrifield, Robinson+Cole’s director of information governance and business intake, in a Thursday blog post.
A New York bill prefiled for 2025 would require disclosure of state agencies’ use of automated employment decision-making tools. A-433 would require agencies to annually publish a list of the tools, including descriptions of each, when the agency started using it, and a summary of its purpose. Also, the state’s IT office would have to maintain an inventory of AI systems used by agencies.
Better international enforcement cooperation, AI and data free flow with trust (DFFT) are 2025's top priorities for Group of 7 (G7) data protection authorities, several told us. Their October roundtable in Rome focused on those three topics, the European Data Protection Supervisor (EDPS) reported. Representatives from Canada, France, Germany, Japan, the U.K., the U.S., the EDPS and the European Data Protection Board participated.
Vermont and Washington state will soon introduce comprehensive privacy bills, while Connecticut will have a bill that would add data minimization rules and make other changes to its 2022 law, legislators told Privacy Daily ahead of sessions starting this month. Also, legislators in Oklahoma and South Carolina prefiled bills last month for the 2025 legislative sessions. Additional privacy bills are expected this year in several other states, said privacy lawyers and consumer advocates in other interviews.