State Privacy Laws

Subscribe to State Privacy Laws

One of the most litigated state telemarketing laws in the country has been significantly pared down. On May 2, 2023, the Florida legislature passed a bill to amend the Florida Telephone Solicitation Act (FTSA), Fla. Stat. § 501.059. The bill was presented to Florida Governor Ron DeSantis on May 16 and was signed into law on May 25. In this post, we cover the origins of the FTSA, its prior scope, and how the amendments modify the law. This amendment should significantly curtail lawsuits filed under the FTSA against companies that use technology to assist in placing calls to consumers.

Continue Reading Florida Significantly Narrows the FTSA

Less than one month after Utah adopted the nation’s first law restricting the use of social media platforms by minors under 18, Arkansas last week enacted its Social Media Safety Act (the Act), SB396. The Act, which goes into effect on September 1, 2023, similarly bars minors from holding accounts on social media platforms without parental consent and requires social media companies to complete “reasonable age verification” via a third-party vendor.

Continue Reading Arkansas Becomes Second State To Enact Social Media Restrictions for Minors

On March 28, Iowa Governor Kim Reynolds signed Senate File 262, effective January 1, 2025, making Iowa the sixth state to offer comprehensive privacy protections. Iowa’s new legislation appears to be the most business-friendly omnibus privacy law yet, with fewer requirements than those of other states. The law will apply to a person who conducts business in Iowa or produces products or services targeted to Iowa residents, and who meets either of the following requirements in a calendar year: (1) processes the personal data of 100,000 consumers or more (consumers defined as residents of Iowa “acting only in an individual or household context”) or (2) controls or processes the personal data of at least 25,000 consumers and derives over 50% of annual gross revenue from the sale of personal data.

Continue Reading Joining the Privacy Party: Iowa Becomes the Sixth State To Adopt a Comprehensive Privacy Law

On March 24, 2023, Texas House Representative Giovanni Capriglione participated in a virtual interview with the Dallas chapter of the International Association of Privacy Professionals (IAPP) about his recently introduced bill, HB 4, also known as the Texas Data Privacy and Security Act (TDPSA). The interview was moderated by Samantha V. Ettari, Perkins Coie LLP senior counsel and co-chair of the IAPP KnowledgeNet Dallas Chapter, and Justin L. Koplow, AT&T senior legal counsel and also a co-chair of the IAPP Dallas Chapter. The conversation focused on a variety of subjects, including Rep. Capriglione’s professional technology background and subsequent journey into privacy issues, the development of the TDPSA, its specific provisions, and how the bill compares to privacy regimes in other states, including the Virginia Consumer Data Protection Act (VCDPA), on which it was modeled. This is the third comprehensive consumer privacy bill Rep. Capriglione has advanced, and this one appears to be channeling the momentum of six states’ comprehensive privacy laws, Texas denizens’ apparent interest in consumer privacy, and a significant national conversation around consumers’ and children’s privacy. 

Continue Reading Saddle Up: Texas Makes Another Push to Join States With Comprehensive Consumer Privacy Laws

Utah state lawmakers are poised to change how (and when) minors who reside in Utah can use social media. Introduced in January, S.B. 152 and H.B. 311 recently cleared the Utah legislature and both bills have been sent to Governor Spencer Cox, who dismissed industry concerns that the bills would pose privacy risks, impede minors’ independence, and violate the First Amendment. If signed, the bills would go into effect on March 1, 2024.

Continue Reading Utah Legislature Approves Social Media Restrictions for Minors

The U.S. District Court for the Northern District of Illinois recently found that in order for cell tower warrants to be supported by probable cause and satisfy Fourth Amendment concerns, they must include protocols limiting the government’s collection of information from individuals not involved in the underlying criminal activity. In In re Application for Tower Dump Data for a Sex Trafficking Investigation, No. 23 M 87, 2023 WL 1779775 (N.D. Ill. Feb. 6, 2023), the court only approved a “tower dump” warrant, commonly named as such for its tendency to sweep broadly and collect innocent third parties’ information, after the government provided restrictions on its search.

Continue Reading Northern District of Illinois Clarifies Standards for Tower Dumps 

The Colorado attorney general’s office sent shockwaves throughout the privacy world on September 30, 2022, when it published its proposed Colorado Privacy Act (CPA) draft rules (Draft Rules). The Draft Rules are complex and comprehensive; at 38 pages of single-spaced text, they are longer than the CPA itself. The Draft Rules are accompanied by a

Last week, the Consumer Privacy Protection Agency (Agency) Board rounded out the first half of 2022 by releasing draft California Privacy Rights Act (CPRA) regulations. This first set of CPRA regulations focus on updating existing California Consumer Privacy Act (CCPA) regulations to account for the new provisions of the CPRA and addressing specific areas such

The Better Business Bureau recently announced the launch of the TeenAge Privacy Program, which proposes a self-regulatory framework for companies to use in order to protect teen consumers and guide the responsible collection and management of teen data. The CISR’s new framework helps to address recent attention to the privacy and safety of teens online