Key point: Colorado lawmakers will have another opportunity to amend the Colorado AI Act.
On August 6, Colorado Governor Jared Polis announced that he is calling back the Colorado legislature for a special session starting Thursday, August 21, at 10:00 a.m. The special session is primarily directed at dealing with
Key point: The California legislature is considering more than 20 AI-related private sector bills.
The California legislature is currently in its summer recess, returning on August 18. Once it returns, it will have approximately five weeks to pass bills prior to closing for the year on September 12.
Key point: At its July 24 board meeting, the California Privacy Protection Agency Board authorized agency staff to finalize regulations on automated decision-making technology, risk assessments, cybersecurity audits, insurance, and changes to the existing regulations.
At its July 24 meeting, the California Privacy Protection Agency Board authorized agency staff to finalize and submit to the Office of Administrative Law the rulemaking package on various new California Consumer Privacy Act (CCPA) regulations. The new regulations are on automated decision-making technology, risk assessments, cybersecurity audits, insurance, and changes to existing regulations.
In this article, we provide an overview of some of the more notable aspects of the regulations. We also will be hosting a two-part webinar series on August 21 and September 25 to provide a more in-depth analysis of the regulations. Click here for more information and to register.
Renowned Privacy Law Attorney Brings Extensive Experience in State Legislation and AI Regulation, Strengthening Firm’s National Reach and Service Offerings
David Stauss has joined Troutman Pepper Locke as a partner in the firm’s Privacy and Cyber Practice Group. A distinguished authority in privacy, information security, and AI law, Stauss brings
In Part Two of this FAQ series, we continue to break down Virginia’s Senate Bill 754, Consumer Protection Act; prohibited practices, etc., reproductive or sexual health information (Act), which amends the Virginia Consumer Protection Act (VCPA). The law went into effect on July 1, 2025.
In what appears to be an emerging privacy litigation trend, plaintiffs’ attorneys have recently filed a series of putative class action lawsuits targeting data companies in possession of cellular telephone numbers. The lawsuits attempt to leverage an untested provision in Colorado’s Prevention of Telemarketing Fraud Act (PFTA) which prohibits knowingly listing “a cellular telephone number in a directory for a commercial purpose unless the person whose number has been listed has given affirmative consent[.]” Colo. Rev. Stat. Ann. § 6-1-304(4). Although the law was originally enacted in 2005, there is almost no case law interpreting its provisions. However, the PFTA provides for statutory damages of $300-500 per violation, attorneys’ fees, and costs, making it attractive to plaintiffs’ lawyers. Several other states have similar laws. See, e.g., Conn. Gen. Stat. Ann. § 16-247s, N.Y. Gen. Bus. Law § 399-cc.1, Minn. Stat. Ann. § 325E.318, 73 Pa. Stat. Ann. § 2403, S.D. Codified Laws § 49-31-118, and TX UTIL § 64.202.
In Part One of this FAQ series, we break down Virginia’s Senate Bill 754, Consumer Protection Act; prohibited practices, etc., reproductive or sexual health information (Act), which amends the Virginia Consumer Protection Act (VCPA). The law goes into effect on July 1. Overall, given the broad definitions used in the Act, the law likely regulates organizations that are not traditional health care companies, and goes beyond traditional health information.
Troutman Pepper Locke attorneys assess California’s collaboration with other foreign governments on promoting privacy rights and what this means for the future of data protection worldwide.
The California Privacy Protection Agency recently announced that it signed a declaration of cooperation on privacy protections or collaboration with the UK Information Commissioner’s Office, its latest collaboration with a foreign government.
In this episode of the Regulatory Oversight podcast, Stephen Piepgrass welcomes David Navetta, Lauren Geiser, and Dan Waltz to discuss the $51.75 million nationwide class settlement involving Clearview AI and its broader implications. The conversation focuses on Clearview AI’s facial recognition software, which has sparked controversy due to its use of publicly available images to generate biometric data.
On June 2, the New Jersey Division of Consumer Affairs announced the publication of new proposed regulations to implement the New Jersey Data Privacy Act (NJDPA), N.J. Stat. §§ 56:8-166.4 et seq., which went into effect on January 15. (Please see our prior article on the NJDPA for more details.) Although many of these proposed regulations appear familiar – similar to the finalized regulations under the California Consumer Privacy Act (CCPA) and the Colorado Privacy Act (CPA) – New Jersey introduced several new requirements worth noting.