Eight state regulators have established a coalition called the Consortium of Privacy Regulators to collaborate on the implementation and enforcement of their privacy laws. According to announcements from the California Privacy Protection Agency (“CPPA”) and California Attorney General Rob Bonta, the Consortium aims to coordinate enforcement efforts, share priorities, and discuss developments in privacy law.
In addition to the CPPA and Attorney General Bonta, the Consortium includes the attorneys general of Colorado, Connecticut, Delaware, Indiana, New Jersey, and Oregon.
Privacy enforcement has been active in 2025, particularly in California. The CPPA and the California Attorney General’s Office are engaged in numerous nonpublic enforcement matters. California’s privacy enforcement authorities have also recently announced enforcement actions against an automotive manufacturer and data brokers, and the Attorney General’s Office is currently pursuing an investigative sweep into the location data practices of a significant number of businesses across industry.
Collaboration among state regulators heightens enforcement risk, as it increases the likelihood that an action in one jurisdiction could prompt similar enforcement efforts in another.
Alston & Bird’s Privacy, Cyber & Data Strategy Team and Privacy & Cybersecurity Litigation Team have extensive experience advising and defending clients who receive inquiries and violation notices from California and other state privacy regulators. Contact us if you have any questions related to privacy enforcement. We will continue to monitor developments in privacy regulatory enforcement in California and other states.
