US State Law

New York AG Announces $650,000 Settlement with Social Media App Developer for Students’ Privacy and Safety Concerns

March 12, 2025 By Alex Brown, Maki DePalo and Hyun Jai Oh

On March 7, 2025, the Office of the New York State Attorney General (NY AG) published an Assurance of Discontinuance (Assurance) settling claims against Saturn Technologies, Inc. (company), a developer of a social media app for high school students. The NY AG found that the company made unsubstantiated claims about the app’s privacy and safety […]

California Attorney General Targets Location Data in New Investigative Sweep

March 12, 2025 By David Keating and Hyun Jai Oh

This week California Attorney General Rob Bonta announced a new investigative sweep under the California Consumer Privacy Act (CCPA). We have anticipated this sweep for some time based on the focus and the direction of a number of inquiries, investigations, and enforcement proceedings initiated by Attorney General Bonta’s office over the past 12-24 months. The […]

California Attorney General Delays Enforcement of CAADCA Amidst Legal Challenge

March 6, 2025 By Maki DePalo and Hyun Jai Oh

On March 4, 2025, the California Attorney General (AG) announced a further delay in the enforcement of the California Age-Appropriate Design Code Act (CAADCA) until April 5, 2025. Initially operative on July 1, 2024, CAADCA’s enforcement had already been postponed to March 6, 2025, due to a trade association’s challenge to the statute’s validity. This […]

Virginia Legislature Passes Second US AI Governance Act behind Colorado: Comparing the AI Acts

March 4, 2025 By Alex Brown, Jennifer Everett, Daniel Felz, Ashley Miller and Dorian Simmons

On February 20, 2025, the Virginia legislature passed the High-Risk Artificial Intelligence Developer and Deployer Act (House Bill 2094, the “VA AI Act”) that mandates developers and deployers of high-risk artificial intelligence systems (“HRAI systems”) to adhere to specific governance requirements. The VA AI Act will come into effect on July 1, 2026 (if Virginia […]

Congress Seeks Comments on Comprehensive Federal Data Privacy Law

February 25, 2025 By Jennifer Pike, Jennifer Everett, Kate Hanniford and Evan Collier

Since the first comprehensive state data privacy law went into effect in California in 2020, 18 other states have enacted comprehensive data privacy laws, with 14 others currently moving through their respective state legislative process. The proliferation of such state laws is happening at a breakneck pace, and leaving in their wake regulated entities who […]