Colorado plans to forgo a mandate that companies verify users' ages in a rulemaking that updates the state’s comprehensive privacy law. But when enforcing kids privacy restrictions, the state's attorney general could consider companies’ use of age-estimation technologies, said draft rules released Tuesday.
Wis. Representative ‘Super Cautiously Optimistic’ About Signing Comprehensive Privacy Bill This Year
Wisconsin Rep. Shannon Zimmerman (R) aims to fast-track comprehensive privacy legislation when state legislators return from summer recess, he said in an interview last week with Privacy Daily. The lawmaker is hopeful that he will find bipartisan support and that the bill will pass in 2025 after it hit roadblocks in prior legislative sessions, he said.
Businesses should start thinking now about complying with new data-protection regulations approved Thursday by the California Privacy Protection Agency (CPPA), privacy attorneys said immediately afterward in blogs and LinkedIn posts. While consumer privacy advocates slammed the rules as weak, one acknowledged they still give California a lead over other U.S. states.
The California Privacy Protection Agency will soon take 15 days of comments on revised draft rules for implementing a data-deletion mechanism under the California Delete Act, the five-person CPPA board decided unanimously during a partially virtual meeting Thursday. The agency expects to extensively test the system to work out any kinks before data brokers start accessing it in August 2026, said General Counsel Philip Laird.
The California Privacy Protection Agency approved rules on automated decision-making technology (ADMT) and other subjects at a partially virtual meeting Thursday. CPPA Board members voted 5-0 to clear the rulemaking package, which also covers risk assessments, cybersecurity audits, insurance and updates to California Consumer Privacy Act (CCPA) regulations.
A consumer advocacy group that sponsored the California Delete Act offered a mostly positive assessment of the California Privacy Protection Agency’s latest draft of rules for implementing a data deletion mechanism. Concerns linger that data brokers may try to shirk the requirements, said Emory Roane, Privacy Rights Clearinghouse associate director of policy, in an email to Privacy Daily. However, the CPPA’s new draft answers key questions about ensuring the Delete Request and Opt-Out Platform (DROP) will work effectively when it opens to consumers Jan. 1 and data brokers on Aug. 1, 2026.
The California Privacy Protection Agency won't make further significant changes to proposed rules in a controversial rulemaking on automated decision-making technology (ADMT) and other subjects, according to a draft released Tuesday. Meanwhile, in a proceeding on creating a data-deletion mechanism, the agency proposed several clarifications on data broker responsibilities. The CPPA posted those and other materials ahead of Thursday’s scheduled board meeting (see 2507110055).
A proposed change to the California Consumer Privacy Act (CCPA) about publicly available information hit a temporary roadblock Wednesday in the Assembly Privacy Committee. Sen. Aisha Wahab (D) said she planned to work with California businesses over the summer to refine SB-435, which failed to clear the committee but is still alive. “We are deeply committed [to] working with industry.”
Virginia’s reproductive health data privacy law could be amended next year in response to concerns from retailers, state Sen. Barbara Favola (D) said in an email to Privacy Daily Wednesday. “I expect to be making some changes to my data privacy law during the 2026 session.”
California Assemblymember Buffy Wicks (D) said her bill to require transmission of age-verification signals (AB-1043) “still is a very strong bill” after she accepted various proposed changes. At a Senate Judiciary Committee hearing Tuesday, Chair Thomas Umberg (D) foreshadowed more adjustments could come in the weeks ahead.