Our team members will be participating in several speaking engagements over the coming months, sharing perspectives on emerging trends, regulatory developments, and practical challenges across the global data privacy, AI, and cybersecurity landscape.
Continue Reading Upcoming Speaking Engagements: Insights on Data Privacy, AI, and Cybersecurity
Over the years, we have followed unsuccessful attempts by Congress to develop a national consumer privacy law. Each time, two key issues have frustrated passage, (1) the degree to which, if at all, a federal law should preempt state consumer privacy laws (CPLs); and (2) if there should be a private right of action. The now 22 state CPLs have all avoided a private right of action, so potentially that issue will not be as contentious this go-around. Also, the 22-state patchwork makes a case for the federal government to at least set a ceiling, if not completely occupy the field. However, California, Colorado, Connecticut, Oregon, Minnesota, Maryland and other states seem intent to maintain a higher level of privacy protection than a baseline, and the Congresspersons and Senators from these higher watermark states may well continue to resist preemption, or at least raise the national bar. The new House Republican bill, the SECURE Data Act, is at best pretty middle of the road compared to the patchwork of state CPLs and would establish a single national regime that completely overrides state CPLs: “No State or political subdivision of a State may prescribe, maintain, or enforce any law, rule, regulation, requirement, standard, or other provision having the force and effect of law, if such law, rule, regulation, requirement, standard, or other provision relates to the provisions of this Act.” It was introduced along with amendment to the Gramm-Leach-Bliley Act – the GUARD Financial Data Act. The House Committee on Energy & Commerce sums up both bills here.
Continue Reading Here We Go Again ̶ House Republicans Introduce Federal Consumer Privacy Bill
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
The “Heart of Dixie” Embraces Consumer Privacy
Seventh Circuit Holds Amendment Decreasing BIPA Exposure Applies Retroactively
Will Spring Bring Maryland Privacy Enforcement?
Australia’s Exposure Draft Children’s Online Privacy Code – What this could mean for your business?
Oklahoma’s New Privacy Law Sweeps In
Stay Ahead on Consumer Privacy News
Not a subscriber yet? Subscribe here to be among the first to receive timely updates on the fast-moving world of data privacy, security, and innovation—delivered straight to your inbox.
Looking for deeper insights and expert analysis? You can also subscribe here to our privacy attorneys’ marketing communications for thought leadership and rich content when you need a more comprehensive perspective.
Email this postTweet this postLike this postShare this post on LinkedIn
On April 16, 2026, Governor Kay Ivey signed into law the Alabama Personal Data Protection Act (“APDPA”) after a unanimous vote in favor from both chambers of the Alabama legislature. The APDPA is the 22nd state consumer privacy law overall (counting Florida) and the second one enacted in 2026, following enactment of Oklahoma’s privacy law in March (summarized here).
We highlight key features of the APDPA below. (We also offer a subscription service that offers details and comparisons (by topic) of state consumer privacy laws (“CPLs”).)
Continue Reading The “Heart of Dixie” Embraces Consumer Privacy
Recently, the United States Court of Appeals for the Seventh Circuit, in a unanimous decision, prevented plaintiffs from imposing massive liability on a company accused of violating the Illinois Biometric Information Privacy Act (“BIPA”) and held that Illinois’ 2024 amendment decreasing BIPA damages applies retroactively.
Continue Reading Seventh Circuit Holds Amendment Decreasing BIPA Exposure Applies Retroactively
The Maryland Online Data Privacy Act (MODPA) is, as of April 1 of this year, now enforceable (subject to a potential cure opportunity until April 1, 2027). MODPA is amongst the strictest state consumer privacy laws (CPLs), and outright bans the sale of sensitive personal data, including precise geolocation data, as well as targeted advertising to under 18s. Beyond that, it has the strictest purpose limitation and data minimization provisions. We have compared MODPA to other CPLs here .
Privacy World’s Alan Friel elaborates on MODPA challenges in a recent article by The Capital Forum:
“[T]he act’s ‘biggest wildcard’ is how the state AG will interpret the law’s data minimization provisions, especially what constitutes ‘reasonably necessary and propionate‘ data collection in the context of digital advertising [in connection with a ‘requested’ online ‘product or service’]. Given that the law, like other state privacy laws, grants consumers the right to opt-out of the processing of personal data used for targeted advertising purposes … it would be inconsistent with that scheme to suggest that these activities are not reasonably necessary and proportionate to the use of web sites and mobile apps that rely on analytics, targeted advertising and other tracking technologies in the operation of their services. Informal industry discussions with AG personnel suggest that the state will align with that industry interpretation, …[b]ut the drafting is unique amongst privacy laws and ambiguous, so only time will tell.”
SPB offers tools and guidance to help companies manage the patchwork of US state privacy laws.
Disclaimer: While every effort has been made to ensure that the information contained in this article is accurate, neither its authors nor Squire Patton Boggs accepts responsibility for any errors or omissions. The content of this article is for general information only and is not intended to constitute or be relied upon as legal advice.
Stay Ahead on Consumer Privacy News
Not a subscriber yet? Subscribe here to be among the first to receive timely updates on the fast-moving world of data privacy, security, and innovation—delivered straight to your inbox.
Looking for deeper insights and expert analysis? You can also subscribe here to our privacy attorneys’ marketing communications for thought leadership and rich content when you need a more comprehensive perspective.
On March 31, 2026, the Office of the Australian Information Commissioner (OAIC) released its much-anticipated Exposure Draft of the Privacy (Children’s Online Privacy) Code (Draft Code). It introduces a number of novel concepts in addition to drawing from the UK Age-Appropriate Design Code (UK AADC), in an effort to “uplift privacy practices across entities more broadly” and keep children’s privacy safe in Australia. This posts breaks down how it could impact businesses.
Continue Reading Australia’s Exposure Draft Children’s Online Privacy Code – What this could mean for your business?
Connecticut Attorney General William Tong recently issued an advisory memorandum (“Advisory”) to all “State Officials, Agencies and Concerned Parties” about how existing Connecticut laws apply to artificial intelligence (“AI”).
In the Advisory, Attorney General Tong hints at enforcement priorities and offers businesses a roadmap for compliance in describing how Connecticut’s civil rights, privacy and data security, competition, and consumer protection laws apply to AI system use. Businesses operating in Connecticut are reminded that, even without a statewide AI law, obligations under these laws regulate their AI system use. Those Connecticut residents who read the Advisory are reminded of their rights and encouraged to report AI related harms to the Connecticut Office of the Attorney General (“OAG”).
Continue Reading Old Laws, New Tricks: Connecticut AG Issues Advisory on How Current Connecticut Laws Apply to Artificial Intelligence
On March 20, 2026, Oklahoma Governor Stitt signed the first new comprehensive state privacy law of 2026. The “Act relating to data privacy” is in force on January 1, 2027. In this post, we compare the new Oklahoma privacy law to the other 20 state consumer privacy laws already in force below.
Continue Reading Oklahoma’s New Privacy Law Sweeps InThe countdown is on—the IAPP Global Privacy Summit is only six days away, and we’re looking forward to seeing so many of you in Washington, DC, for another energizing and insightful week in the privacy community. If you’ll be in town, we’d love to connect.
Continue Reading We Hope to See You at the IAPP Global Privacy Summit!