Election year 2026 could drive more headline-grabbing state privacy enforcement, said Womble Bond privacy attorney Tyler Bridegan in an interview with Privacy Daily. In general, state privacy enforcement seems to be at the "very beginning of the bell curve,” said Bridegan, who was recently director of privacy and tech enforcement for Texas Attorney General Ken Paxton (R). Also, Bridegan praised Ryan Baasch, another alumnus of the Texas AG's office, who's expected to be nominated as an FTC commissioner by President Donald Trump.
In 2026, states and regulators will likely focus on many of the same areas they examined previously, including kids’ privacy and AI, said Cobun Zweifel-Keegan, managing director of IAPP, Washington, D.C., in an interview with Privacy Daily. On the federal level, a flood of privacy legislation is expected by year-end, he added.
Vermont Rep. Monique Priestley (D) defended her continued push for a private right of action (PRA) in comprehensive privacy legislation while speaking on Marketecture's Monopoly Report podcast Wednesday. Also, Priestley said she aims to respect donors’ privacy as she makes a run for state Senate in 2026 (see 2510290024).
Massachusetts took another step toward the possible passage of a comprehensive privacy bill. The House side of the state legislature’s Advanced IT Committee advanced a new version (H-4746) of the proposed Massachusetts Consumer Data Privacy Act on Monday.
New Jersey’s Senate Commerce Committee on Monday passed legislation that would exempt insurance entities and national securities agencies from certain disclosure requirements in the state’s comprehensive privacy law.
How much of an increase Global Privacy Control (GPC) adoption will see after California enacted a law requiring web browser support depends partly on how companies like Google and Apple implement universal opt-out preference signals in their browsers, said Justin Brookman, director of technology policy for Consumer Reports, in an interview with Privacy Daily. Brookman is an editor of the Worldwide Web Consortium (W3C) spec for GPC and manages the popular opt-out mechanism’s website.
Last month's addition of Minnesota and New Hampshire to states’ Consortium of Privacy Regulators (see 2510080008) “highlights a growing movement at the state level of coordinated privacy regulation and enforcement,” Constangy privacy attorney Ryan Steidl blogged Monday. With about half the states with comprehensive privacy laws now in the club, “it is likely that other states will join as their laws come into effect in 2026,” he said.
Zero states passing new comprehensive privacy laws in 2025 so far “is conspicuous and enigmatic,” said IAPP in a retrospective analysis posted Monday that also said privacy regulation was busy this year.
Privacy and AI-focused state lawmakers will meet with congressional offices next week to discuss legislative priorities, Virginia Del. Michelle Lopes Maldonado (D) told us in an interview Friday. For 2026, she expressed interest in updating Virginia’s comprehensive privacy law and regulating AI chatbots with Democrats now in full control of the legislative and executive branches after Tuesday's election.
The California Privacy Protection Agency is exploring possible rulemakings in the categories of employee data, opt-out preference signals (OOPS), disclosures and notices and reducing friction exercising consumer privacy rights, CalPrivacy staff told the board at its Friday meeting. Unlike with the previous rulemaking package on automated decision-making technology and other subjects, the agency plans to “present more targeted recommendations addressing only one or two policy issues at a time,” said General Counsel Philip Laird.