The Colorado AI Act (SB24-205) is effectively frozen just weeks before its June 30, 2026 effective date, following a stay in enforcement of the law by a Magistrate Judge in the District of Colorado on April 27, 2026.
By way of background, on April 9, xAI filed suit in federal court seeking to enjoin
Our team members will be participating in several speaking engagements over the coming months, sharing perspectives on emerging trends, regulatory developments, and practical challenges across the global data privacy, AI, and cybersecurity landscape.
Continue Reading Upcoming Speaking Engagements: Insights on Data Privacy, AI, and Cybersecurity
Connecticut Attorney General William Tong recently issued an advisory memorandum (“Advisory”) to all “State Officials, Agencies and Concerned Parties” about how existing Connecticut laws apply to artificial intelligence (“AI”).
In the Advisory, Attorney General Tong hints at enforcement priorities and offers businesses a roadmap for compliance in describing how Connecticut’s civil rights, privacy and data security, competition, and consumer protection laws apply to AI system use. Businesses operating in Connecticut are reminded that, even without a statewide AI law, obligations under these laws regulate their AI system use. Those Connecticut residents who read the Advisory are reminded of their rights and encouraged to report AI related harms to the Connecticut Office of the Attorney General (“OAG”).
Continue Reading Old Laws, New Tricks: Connecticut AG Issues Advisory on How Current Connecticut Laws Apply to Artificial Intelligence
A recording is now available for “California and Beyond: HR Data Risk Issues for Employers,” a highly relevant webinar covering the rapidly shifting world of HR data, privacy obligations, and AI regulation. Presented by Squire Patton Boggs Partners Alan Friel and Michael Kelly, and Associate Sam Kim, this session will give employers the clarity they need as new rules take effect and enforcement ramps up.
Continue Reading A Timely Look at HR Data and AI Regulation Trends: Webinar Recording Available
PrivacyWorld’s Alan Friel and Kyle Fath broke down what companies need to consider in 2026 to meet new and ongoing data laws and regulations in a Stafford / Barbri presentation on January 7, 2026. The PowerPoint is available here and includes appendices that break down details of, and compare and contrast, consumer privacy laws. Coverage
In 2025, India’s approach on AI has shifted significantly from, “Will AI change the way business is done?” to “What is the best way to adopt it to enable business expansion?” Guided by the principles of People, Planet, and Progress, “Safe and trusted AI for all” has become the motto governing India’s approach to AI. The evolving digital infrastructure, specific sector-driven regulation, techno-legal philosophy, strength of the powerful Global South, and a strong inclusion narrative are cornerstones to India’s AI journey.
Continue Reading India Issues 2025 AI Governance Guidelines: How It Compares to Other Global AI Acts
One of the most significantly litigated areas of privacy law is biometric privacy. Tools that collect biometric information and biometric identifiers—including facial geometries, fingerprint scans, and voiceprints—are increasingly common for businesses across industries. Unfortunately, such tools in recent years have become focuses of the plaintiffs’ bar.
2025 saw continued developments in litigation under Illinois’ Biometric Information Privacy Act (BIPA), one of the first and most important biometric privacy laws in the country, as well as other, lesser-litigated biometric laws. Squire Patton Boggs’ globally ranked “Elite” Data Disputes team is well experienced defending businesses and their data practices, including in the realm of biometric privacy, in both litigation and arbitration, including mass arbitration. See also https://www. privacyworld.blog/2025/12/2025-mass-arbitration-year-in-review/
In this article, informed by our practical experience litigating and arbitrating biometric cases, we: (I) provide a brief primer on BIPA and then take a look at some highlights of the 2025 biometric privacy litigation space, including (II) class action and mass arbitration activity under BIPA, (III) key questions regarding defenses to BIPA claims on appeal at the Seventh Circuit, (IV) a decision contrasting BIPA with New York City’s biometric regime, (V) developments under other biometric laws enforced by attorneys general, and (VI) the intersection of AI and biometric privacy laws.
Continue Reading 2025 Year-In-Review: Biometric Privacy Litigation
The 2025 legislative cycle marked a pivotal year in US privacy law, defined not only by continued nationwide expansion into Artificial Intelligence (AI) governance, children’s and teen privacy and online safety, as well as emerging data categories, but by a major restructuring of California’s privacy enforcement infrastructure. California’s introduction of the Delete Request and Opt-out Platform (DROP) system, the nation’s first centralized, statewide platform for managing consumer deletion requests; combined with sweeping reforms to the Consumer Privacy Fund, will materially increase CalPrivacy and attorney general enforcement capacity on a recurring, self-replenishing basis. These developments accompany completion of a far-reaching rulemaking package that imposes detailed obligations for Data Protection Impact Assessments (DPIAs or risk assessments), cybersecurity governance and Automated Decision-Making Technology (ADMT). At the same time, states beyond California have enacted targeted statutory reforms addressing neurotechnology, data-broker practices and minors’ online safety, underscoring that – absent federal preemption – state-driven models will continue to shape the national privacy compliance landscape in 2026. By January 2026, there will be 20 state consumer privacy laws in effect, several with unique material obligations. We detail what enterprises need to be prepared for in 2026 and explain why we believe next year will be a watershed period for consumer privacy in the US.
Continue Reading 2025 State Privacy Roundup: Key Trends and California Developments to Watch in 2026
A Domino’s customer may proceed in her putative class action for violations of the California Invasion of Privacy Act (CIPA) against ConverseNow for its provision of an AI virtual assistant that processes restaurant telephone orders. In Taylor v. ConverseNow Technologies, Inc., Case No. 25-cv-00990-SI, 2025 WL 2308483 (N.D. Cal. Aug. 11, 2025), the Court held that a communication software provider that could potentially improve its software with collection of communications was plausibly violating CIPA even though it had an agreement with the business receiving the communications. This ruling serves a cautionary note to both software companies and – because of potential aiding and abetting liability – companies that use those technologies.
Continue Reading Extra Large PII-zza: Courts Allows California Privacy Class Action to Proceed for Use of AI Phone Call Assistant
The California Consumer Privacy Act (CCPA) requires that privacy notices be updated annually, and that the detailed disclosures it proscribes be in those notices reflect the 12-month period prior to the effective (posting) date. Interestingly, failure to make annual updates was one of several alleged CCPA violations that resulted in a recent $1.35 Million administrative civil penalty by the California Privacy Protection Agency (CPPA) against retailer Tractor Supply Company. Also, three more state consumer protection laws go into effect on January 1, 2026, which will require notice and consumer rights intake changes, if applicable. Additionally, new and amended CCPA regulations will bring new obligations for businesses starting the first of the year that need to be addressed between now and then. Also recommended is a general checkup with particular attention to enforcement priorities.
Continue Reading Your Year-end U.S. Privacy “To Do” List – don’t wait until the holiday crush to become 2026-ready