Data Safety Laws You Can't Ignore

Kids, Clicks, and Compliance: Data Safety Laws You Can’t Ignore

Understanding age assurance vs. age verification vs. age signals and their impact on children and developers For companies operating online, safeguarding kids in a digital world means navigating complex data protection rules along with many compliance challenges.  In the vacuum of federal legislation, individual states started passing their own regulations, creating a fast-growing patchwork of age-verification laws across the country. In several U.S. states, such as Florida, Texas, Louisiana, a...
Automated decision-making technologies (ADMT) in employment decisions

Using AI’s Tools in Hiring, Firing, and Compensation Decisions

What Employers Need to Know About Using ADMT in Employment Decisions Decisions about hiring, termination, and compensation represent substantial administrative costs for employers. Automated decision-making technologies (“ADMT”) can significantly streamline the process. However, employers using ADMT should be aware of recent and existing regulations governing the use of AI tools in evaluating prospective and current employees. In addition to recent AI-specific regulation, use of AI tools in maki...
California Sets Rules for AI Nationwide

California Sets National AI Policy

  In The Vacuum Of Federal Legislation, California Sets National AI Policy by Lily Li | Founder of Metaverse Law | Cybersecurity & AI Lawyer Within a day of taking office, President Trump overturned Biden’s Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.[1] The agencies quickly followed suit. The EEOC and DOL withdrew their guidance on AI and workplace discrimination, and the HHS stalled on its proposed updates to the HIPAA security r...

CalPrivacy’s Data Broker Enforcement Strike Force: updates and enforcement actions

On November 26, 2025, CalPrivacy (previously the CPPA) issued a decision requiring ROR Partners LLC to pay $56,600 for failure to register as a data broker under California’s Delete Act. According to the decision, the company used “billions of data points” from over 262 million Americans to create consumer profiles and audience lists, which ROR’s clients could then use for targeted advertising. This action was brought as part of CalPrivacy’s Data Broker Enforcement Strike Force, designed to inv...
Image of a cellular phone with the ChatGPT app open.

Overview: The EU General-Purpose AI Code of Practice

Why Do We Need a Code of Practice? On August 2, 2025, the general-purpose AI (GPAI) provisions of the EU AI Act went into effect. GPAI models (including models that support most generative AI, like ChatGPT), now face certain obligations in the EU, including requirements around transparency, copyright and systemic risk. However, the EU AI Act is a framework: it defines obligations but leaves technical details to harmonized standards and codes of practice. While this approach sets certain expecta...
Flag of California, depicting a large brown bear beside a red star, above the words "California Republic."

CCPA Draft Regulations Sent for Final Approval

On July 24, 2025 the California Privacy Protection Agency (CCPA) board voted 5-0 to finalize Draft Regulations to the California Consumer Privacy Act (CCPA). The CPPA sent the rulemaking package to the Office of Administrative Law, which has 30 days to approve the regulations. The rulemaking process for these Draft Regulations began in 2022, and while the regulations have been narrowed since the prior proposal, the Draft Regulations will significantly impact how companies manage automated decis...
Image of a computer circuit board with "AI" written on one of the chips.

AI Updates: An Overview of the Legal Landscape

As AI continues to advance, so do regulatory efforts. During the 2024 legislative session, 45 states along with Puerto Rico, the Virgin Islands, and Washington D.C. all introduced AI bills. With the legislative session for 2025 wrapping up, we are seeing similar tends this year. As new legal requirements emerge, organizations across the U.S. and EU may face overlapping – yet not identical – regulations that touch on issues of bias, safety, privacy, and transparency. Additionally, these laws may...
1 2 3 4 18