Virginia Gov. Glenn Youngkin on March 24 vetoed House Bill 2094, the “High-Risk Artificial Intelligence Developer and Deployer Act.” The veto can only be overridden by a two-thirds vote of the House, which seems unlikely given the close vote in the House on the Senate substitute (52-Y; 46-N).
Posts tagged as “Data Protection”
Utah Gov. Spencer Cox on March 27 signed into law Senate Bill 226 relating to the use of generative artificial intelligence in consumer transactions and regulated services. The law goes into effect on May 7, 2025.
Kentucky Gov. Andy Beshear on March 15 signed into law House Bill 473, which amends the Kentucky Consumer Data Protection Act. The amendments will go into effect Jan. 1, 2026.
The upward trend in data privacy legislation continued in 2024. Narrowing the focus to “comprehensive” legislation, i.e., that which conveys certain rights to consumers and restricts the collection and use of their personal information, over 70 bills were filed.
Minnesota Gov. Tim Walz recently signed into law HF 4757, the Minnesota Consumer Data Privacy Act, making Minnesota the 18th state to enact a comprehensive consumer data privacy law. The Act will go into effect July 31, 2025.
Maryland Gov. Wes Moore on May 9 signed into law House Bill 567/Senate Bill 541, the Maryland Online Data Privacy Act of 2024, making Maryland the 17th state to enact a comprehensive consumer data privacy law.
The Massachusetts Office of Attorney General (“AGO”) recently issued an Advisory on the development, supply, and use of artificial intelligence (“AI”). The Advisory provides guidance in the context of the Massachusetts Consumer Protection Act,[1] Anti-Discrimination Law,[2] Data Security Law,[3] and associated regulations.
Nebraska Gov. Jim Pillen on April 17 signed into law LB 1074, the Nebraska Data Privacy Act, making Nebraska the 16th state to enact a comprehensive consumer data privacy law following California, Virginia, Colorado, Utah, Connecticut, Iowa, Indiana, Tennessee, Montana, Texas, Oregon, Delaware, New Jersey, New Hampshire, and Kentucky. The law will go into effect Jan. 1, 2025.
Kentucky Gov. Andy Beshear on April 4 signed into law House Bill 15, the Kentucky Consumer Data Protection Act, making Kentucky the 15th state to enact a comprehensive consumer data privacy law following California, Virginia, Colorado, Utah, Connecticut, Iowa, Indiana, Tennessee, Montana, Texas, Oregon, Delaware, New Jersey, and New Hampshire.
The upward trend in data privacy legislation continued in 2023. According to the National Conference of State Legislatures, “[a]t least 40 states and Puerto Rico introduced or considered at least 350 consumer privacy bills in 2023,” a significant increase from the 200 bills in 2022.
The Federal Trade Commission recently announced approval of an amendment to the Gramm-Leach-Bliley Act Safeguards Rule to require nonbank financial institutions to report to the FTC the unauthorized acquisition of unencrypted customer information involving at least 500 consumers (a “notification event”).
Delaware Gov. John Carney on Sept. 11 signed into law House Bill 154, the Delaware Personal Data Privacy Act. This makes Delaware the 12th state to enact a comprehensive consumer data privacy law.