All 20 U.S. comprehensive privacy laws will be in effect Jan. 1 when Kentucky, Indiana and Rhode Island join 17 other states with broad privacy statutes. However, those three new state laws coming online are unlikely to significantly reshape the U.S. consumer privacy landscape, privacy experts said in interviews with Privacy Daily.
Biometric Privacy
Biometric privacy laws regulate how companies handle sensitive personal identifiers like facial scans, fingerprints and voiceprints. In the U.S., Illinois’ BIPA has led to landmark litigation and multimillion-dollar settlements, setting a precedent for consent, data retention and security standards. Other states and countries are following suit with their own biometric requirements. This page covers key lawsuits, regulatory action and compliance best practices in the biometrics space.
Companies hosting virtual meetings should be cognizant of how third-party tools are using biometric data, as evidenced by a recent lawsuit in Illinois, Robinson+Cole privacy attorney Kathryn Rattigan said in a post Wednesday.
The House Commerce Committee plans to take “action” on comprehensive privacy legislation after considering kid bills this spring, a committee staffer said in a statement Friday.
As tools that collect biometrics and biometric information have become a focus for plaintiffs’ bars in recent years, there were many developments around Illinois’ Biometric Information Privacy Act (BIPA) in 2025, Squire Patton lawyers wrote in a post Thursday.
Most proposed changes to the GDPR in the European Commission's digital omnibus package would, if approved, diverge in some respects from U.K. data protection law, Stephenson Harwood data protection attorneys said in a Nov. 27 analysis that assessed how the 10 key proposed GDPR changes compare with U.K. law. However, they are unlikely to affect either side's data transfer adequacy decisions, said Hogan Lovells privacy lawyer Eduardo Ustaran.
Though age gating is increasingly prevalent, laws regulating it vary widely from state to state, and courts haven't fully addressed their legality, said Corynne McSherry, legal director at the Electronic Frontier Foundation (EFF).
Lawyers and privacy advocates are raising questions about a key proposal in the European Commission's digital omnibus package that aims to reform the GDPR by allowing legitimate interests as a legal basis for processing personal data for AI models.
Possible New York regulations aimed at protecting kids against addictive feeds raise significant privacy concerns, tech industry and consumer privacy groups agreed in comments reviewed Tuesday by Privacy Daily. The groups weighed in Monday on a Sept. 15 NPRM from the state attorney general's office to implement the Stop Addictive Feeds Exploitation (SAFE) for Kids Act.
Texas gives no good reason for a federal court to uphold the state’s app store age-verification law, the Computer & Communications Industry Association said Thursday.
AI chatbots create privacy risks, and Congress should explore data-protection obligations, House Commerce Committee Republicans and Democrats said during a House Oversight Subcommittee hearing Tuesday.