On October 22, 2024, the Consumer Financial Protection Bureau (the “CFPB”) finalized its personal financial data rights rule (“The Final 1033 Rule” or the “Final Rule”) that would require data providers to make available to consumers and their authorized third parties certain covered data in the data provider’s control or possession concerning a covered consumer financial product or service. This Final Rule comes a year after the CFPB initially proposed the rule (the “Proposed Rule”) in October of 2023.

On May 24, 2024, Minnesota’s governor signed the 18th comprehensive state privacy law since California enacted the first comprehensive data privacy legislation in 2018. The Minnesota Consumer Data Privacy Act (“MCDPA”) will take effect on July 31, 2025. The MCDPA is similar in many ways to current data privacy laws but also has some elements unique to the MCDPA.

The legal landscape surrounding the creation, use and governance of artificial intelligence (AI) is rapidly changing and growing, imposing significant obligations on business and new rights for individuals. In recent months, the US has seen new AI laws and regulations, both passed and proposed, at both the federal and state levels. The following details some recent developments in the US. There is a clear trend towards notifying consumers that they are interacting with AI, protecting individuals from the risks of AI, as well as an emphasis on AI governance. But stay tuned—these ...

So far 2024 has seen a flurry of new and proposed state comprehensive privacy legislation. Nebraska and Kentucky are the two latest states to jump on the bandwagon. Both follow the now familiar framework established by the Virginia Consumer Data Protection Act. We explore each below.

New Hampshire.  On March 6, 2024, New Hampshire Governor Chris Sununu signed the state’s first comprehensive consumer privacy bill into law. The New Hampshire Privacy Act (the “NHPA”) is now the fourteenth such law to be passed in the United States, joining likes of California, Oregon, Montana, Iowa, Indiana, and Tennessee, just to name a few. The NHPA is slated to take effect January 1, 2025 and will be enforced by the New Hampshire Attorney General.

Like many of its predecessors, the NHPA provides New Hampshire residents with rights to access, correct, and delete their personal ...

Last week we wrote about the California Court of Appeals’ February 9th decision vacating the trial court’s June 2023 order delaying enforcement of the California Privacy Rights Act (“CPRA”).  After that decision, we were left to wonder whether the plaintiff, the California Chamber of Commerce (the “Chamber”), would pursue an appeal. This week we got our answer. On February 20th the Chamber filed a petition with the California Supreme Court seeking review of the Court of Appeals’ decision.

The Chamber’s petition is unsurprising, given its staunch opposition to ...

On February 9, 2024, a California Court of Appeals vacated a June 2023 order delaying enforcement of the California Privacy Rights Act’s (CPRA) implementing regulations. It has been a long journey for the California Privacy Protection Agency (CPPA), which promulgated the regulations almost a year ago, on March 29, 2023. The CPPA planned to begin enforcement of the regulations as early as July 1, 2023, but last spring, the California Chamber of Commerce (Chamber) filed a lawsuit arguing for delayed enforcement. In June 2023, a California superior court ruled in favor of the ...

Last week, the White House issued an update on President Biden’s October 30, 2023 Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (the “AI EO” or “EO”). The update detailed the progress made on the EO directives, including among others, using the Defense Production Act to require AI companies to make specific reports on their AI systems to the government and proposing a rule that would require cloud companies to report foreign use of their services to train AI models and verify the identities of foreign customers. As ...

In July, Oregon’s governor signed into law the Oregon Consumer Privacy Act (“OCPA”), making Oregon the eleventh state to enact a comprehensive privacy law.  The OCPA goes into effect on July 1, 2024.  Covered business other than applicable non-profits must comply with the OCPA by that date.  Applicable non-profits will become subject to the OCPA on July 1, 2025.   

On June 30, 2023, a court in Sacramento issued an order enjoining enforcement of the implementing regulations promulgated by the California Privacy Protection Agency (CPPA) under the California Privacy Rights Act of 2020 (CPRA). If the order stands, enforcement will be delayed until March 29, 2024.

About Data Points: Privacy & Data Security Blog

The technology and regulatory landscape is rapidly changing, thus impacting the manner in which companies across all industries operate, specifically in the ways they collect, use and secure confidential data. We provide transparent and cutting-edge insight on critical issues and dynamics. Our team informs business decision-makers about the information they must protect, and what to do if/when security is breached.

Stay Informed

* indicates required
Jump to Page

Subscribe To Our Newsletter

Stay Informed

* indicates required

By using this site, you agree to our updated Privacy Policy and our Terms of Use.