A New Jersey requirement that recognizes universal opt-out mechanisms (UOOMs) becomes enforceable in the state’s comprehensive privacy law on Tuesday.
Colorado shouldn’t use upcoming kids’ privacy regulations as a “back door” to require age verification, retailers warned the state’s law department last week. In addition to warning against requiring verification through possible rules about a company’s “willful disregard” of a user being a minor, industry groups cautioned that any regulation of system design features mustn’t violate the First Amendment.
Despite a modest fine, a settlement this week between Connecticut and online marketplace TicketNetwork over potential violations of the state's Data Privacy Act (CTDPA) (see 2507080010) includes significant takeaways, privacy professionals said. However, a consumer advocate said the $85,000 penalty -- the first under the CTDPA -- also shows how comprehensive privacy laws based on Connecticut's model don't do enough to protect consumers.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.
Not only has General Motors (GM) and subsidiary OnStar unlawfully collected, processed and sold Nebraskans' sensitive data since 2015, but many residents unknowingly opted in to these data practices, Attorney General Mike Hilgers (R) alleged in a lawsuit against the companies Tuesday. The AG said GM and OnStar violated the Nebraska Consumer Protection Act and Uniform Deceptive Trade Practices Act.
Utah should consider amending its comprehensive privacy law, given the underwhelming number of consumer privacy complaints filed in the statute’s first 18 months, said Attorney General Derek Brown (R) and the Utah Division of Consumer Protection in a report obtained Wednesday by Privacy Daily. “Complaints have not been as forthcoming as anticipated,” it said, but “violations are likely occurring.”
Legislators in Texas, Maryland and Vermont say they will renew bipartisan efforts to regulate AI at the state level after the U.S. Senate on Tuesday dropped its proposed AI moratorium.
A comprehensive privacy law taking effect Tuesday in Tennessee may appear business-friendly compared with similar measures in other states, but privacy lawyers note that it also contains some of the highest penalties for noncompliance. Companies could avoid a Tennessee crackdown by taking advantage of a novel safe harbor in the law, Mintz’s Cynthia Larose told Privacy Daily.
Maine has joined a growing list of states in which comprehensive privacy bills stalled in 2025. However, Rep. Amy Kuhn (D), the Maine Judiciary Committee’s House chair, told Privacy Daily on Thursday that her LD-1822 will return in 2026.
Disclosing private data for certain unlawful reasons will be a crime in Oregon starting next year. Gov. Tina Kotek (D) on Tuesday signed SB-1121, which makes unlawful disclosure of private information a Class B misdemeanor.