Legislators in states like Texas, Connecticut, New York and Massachusetts can set the tone for privacy-related AI laws in 2025, stakeholders told the Multistate AI Policymaker Working Group during a public feedback session Monday.
A Hawaii data privacy bill that state Sen. Chris Lee and five other Democrats (SB-1037) introduced Friday generally follows other comprehensive state bills in the mold of Virginia or Connecticut.
Almost all comprehensive state privacy laws include enforcement language against AI-related discrimination, so additional efforts to regulate automated decisions could be redundant, Minnesota Rep. Steve Elkins (D) told Privacy Daily in a recent interview.
The early weeks of January have brought a blizzard of state bills focused on protecting kids online, including requiring age verification on porn and social media websites. Some industry groups have long raised privacy concerns with such mandates, arguing they could require that users submit sensitive information confirming their age or parental status to consent to a child’s access.
State privacy enforcers will “take up the baton for any lag in federal action” this year, Smith Anderson lawyers blogged this week. “Businesses, even in states without comprehensive privacy laws, face increased compliance risks.”
New Jersey’s privacy law took effect Wednesday. It’s the 14th of 20 states with enforceable privacy laws and the fifth comprehensive state law to take effect this month, increasing companies’ risk (see 2501060066).
Colorado will step in if the federal government pulls back on privacy enforcement under the second Trump administration, the state’s AG Phil Weiser (D) told Privacy Daily. In an interview, he said privacy will continue to be a priority for the state in 2025, with Weiser hoping to raise awareness with businesses and consumers about their duties and rights under the Colorado Privacy Act (CPA).
Privacy laws in the EU and at the state level in the U.S. serve as a basis for building an AI regulation regime, Morrison Foerster’s Marian Waldmann Agarwal and Marijn Storm said during a webinar about the intersection of privacy and AI last week. The partners discussed recent AI regulatory developments and their intersection with privacy obligations.
New-for-2025 comprehensive privacy bills appeared in Illinois and Oklahoma this week. In Illinois, state Sen. Sue Rezin's (R) proposed measure seems based on California’s law. The Oklahoma proposal, from Sen. Brent Howard (R), takes a Virginia-style approach. Privacy Daily is tracking comprehensive bills in at least five states.
Businesses should write broad biometric compliance strategies in response to Colorado Privacy Act (CPA) regulations adopted last month by the state attorney general office, BCLP lawyers Goli Mahdavi and Andrea Rastelli blogged Thursday.