California Attorney General Rob Bonta has reached a $530,000 settlement with Sling TV, marking the first enforcement action under the California Consumer Privacy Act (CCPA) against a streaming service....more
On October 21, 2025, the California Privacy Protection Agency (CPPA) launched a webpage previewing the Data Rights Opt-out Portal (DROP), a tool designed to fulfill the California Delete Act’s mandate to create a centralized...more
Here are some recent privacy and cybersecurity related news stories that caught our attention over the past couple of weeks.
Otter.ai Suit Highlights Risks of Using User Data to Train AI -
Otter.ai is facing a federal...more
10/21/2025
/ Artificial Intelligence ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Compliance ,
Consent ,
Data Privacy ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Machine Learning ,
Popular ,
Privacy Laws
Otter.ai is facing a federal class action in California alleging that its AI transcription tool, Otter Notetaker, secretly recorded private conversations on popular video conferencing platforms without proper consent. The...more
To bring a claim under the Video Privacy Protection Act (VPPA), a plaintiff must qualify as a “consumer,” which the statute defines as any renter, purchaser, or subscriber of goods or services from a video tape service...more
The Colorado Attorney General recently published draft rules implementing a new children’s privacy law in the state. Companies have until September 10th to comment on the rules. With the new children’s privacy statute going...more
The Minnesota Consumer Data Privacy Act takes effect July 31, 2025. The Minnesota measure has a few unique requirements among state comprehensive privacy law. Here are a few that deserve a second look...more
On July 24, 2025, the California Privacy Protection Agency (CPPA) Board held a public meeting to finalize major amendments to the CCPA regulations, including rules on Automated Decision-Making Technology (ADMT), risk...more
On June 25, 2025, Governor Ned Lamont signed Connecticut Senate Bill 1295 into law. SB 1295 significantly amends the Connecticut Data Privacy Act (CTDPA) by lowering the threshold for applicability, broadening the definition...more
On June 22, 2025, Texas Governor Greg Abbott signed the Texas Responsible AI Governance Act (TRAIGA) into law. While earlier versions of the bill mirrored broader frameworks like the EU AI Act, the final version scales back...more
A federal court in Illinois has dismissed a class action suit filed under the Illinois Biometric Information Privacy Act (BIPA), finding that Hyundai did not “collect, capture, or otherwise obtain” biometric data by use of...more
In a significant win for the defense, a California federal judge denied class certification in a California Invasion of Privacy Act (CIPA) suit alleging that AddShoppers and Peet’s Coffee unlawfully tracked website visitors...more
7/2/2025
/ California ,
CIPA ,
Class Action ,
Class Certification ,
Cookies ,
Data Collection ,
Data Privacy ,
Invasion of Privacy ,
Litigation Strategies ,
Privacy Laws ,
Web Tracking ,
Websites
The New Jersey Division of Consumer Affairs has released proposed rules to implement the New Jersey Data Privacy Act (NJDPA). For covered businesses, these proposed rules demand close attention—not only for their substantive...more
Here are some recent privacy and cybersecurity related news stories that caught our attention over the past couple of weeks.
California Privacy Protection Agency (CPPA) Issues New Proposed Regulations -
The CPPA has...more
The California Privacy Protection Agency (“CPPA”) Board released newly modified draft regulations addressing automated decision-making technology (“ADMT”), risk assessments, and cybersecurity audits under the California...more
On April 7, 2025, Arkansas passed the Arkansas Children and Teens’ Online Privacy Protection Act (HB 1717) - a state law modeled closely after the federal Children and Teens’ Online Privacy Protection Act (widely referred to...more
Kilpatrick’s John Brigagliano recently spoke at the Association of Corporate Counsel (ACC) DFW Annual In-House Symposium in Frisco, Texas. John spoke on the topic of “Privacy in a Flash: Keeping Up with Rapid Changes in State...more
The U.S. Department of Justice (DOJ) has issued a final rule that significantly restricts the transfer of bulk sensitive personal data and government-related data to certain foreign entities deemed countries of concern....more
Starting January 2025, five state privacy laws will take effect, providing consumer privacy rights to a new swath of individuals across the country. Delaware, Iowa, Nebraska, and New Hampshire’s laws will go into effect on...more
Public Comment Period Opens. The California Privacy Protection Agency (“CPPA”) opened the public comment period on a long in the works update to the California Privacy Protection Act (“CCPA”) regulations. Concerned...more
As state-level privacy laws continue to expand in the absence of federal legislation, businesses must prepare to meet a growing patchwork of requirements or risk penalties and reputational harm. In 2025, eight additional...more
On May 16, 2024, the Illinois Legislature passed Senate Bill 2979 (SB2979), clarifying how damages are calculated under the Illinois Biometric Information Privacy Act (BIPA). 740 ILCS 14/1, et seq. This amendment confirms...more
On July 1, 2024, three more U.S. state privacy regulations will take effect. While these laws align with many of the principles established by other state privacy laws, they also introduce unique compliance requirements...more
General Background -
On May 17, 2024, Governor Jared Polis of Colorado enacted the Colorado Artificial Intelligence (AI) Act (CAIA), marking a significant milestone as what its sponsor calls a “chassis,” an initial...more
On May 16, 2024, the Illinois Legislature passed Senate Bill 2979 (SB2979), marking a significant amendment to how damages are calculated under the Illinois Biometric Information Privacy Act (BIPA). This amendment refines the...more