Flag of California, depicting a large brown bear beside a red star, above the words "California Republic."

CCPA + CPRA Timeline of Key Events

[Updated: August 30, 2023] As the first comprehensive state privacy law to provide broad consumer rights over personal information, the California Consumer Privacy Act of 2018 (“CCPA”) is a groundbreaking privacy law in the United States, and it paved the way for subsequent state comprehensive privacy laws. However, the road to progress is rarely smooth, and the CCPA has experienced a long and arduous journey toward changing how covered entities handle Californians' personal information. To ca...
Image of computer circuitry in a harsh red tint.

The Risks of LLMs and Generative AI

[Modified version originally published as International Insights Article: Privacy implications for organizations using generative AI, by Lily Li, on OneTrust DataGuidance, June 2023.] Well, the cat is out of the bag – or at least the chat is. Generative AI and large language models (“LLMs”) are here to stay. From philosophical conversations between the dead to Murakami-inspired artworks for downtown LA, the possibilities of user-friendly AI are limitless. Regulators are scrambling to enforce ex...
A map of the United States, with pins pushed into various areas as if indicating places visited.

An overview of the twenty (and counting!) US state comprehensive privacy laws

[Last updated: Mar. 27, 2026] Since 2018, US state legislative bodies have shown no signs of slowing their efforts to pass comprehensive privacy laws. While these laws often mirror one another, they also often differ in notable and material ways. This creates a complicated patchwork of obligations and requirements for businesses navigating the data ecosystem, because operating nationwide may require formulating a compliance approach broad enough to satisfy all of the different US state compreh...
Image of Earth from Space with Computer Network

NEW BLOG ALERT

Looking for our most recent content? Metaverse Law has launched a new blog at Metaverse.Law. See you all there....
An image of the flag of Europe, which consists of twelve golden stars forming a circle on a blue field.

Meta fined US $1.3 billion for data transfer violations

The decade-long case on Meta’s transfer of EU personal data to the United States ended on May 22, 2023, with a € 1.2 billion (US $1.3 billion) GDPR fine against Meta.[1] In addition, the Irish Data Protection Commission (DPC) exercised the following corrective powers against Meta: An order, pursuant to Article 58(2)(j) of the GDPR, requiring Meta Ireland to suspend any future transfer of personal data to the US within five months. An order, pursuant to Article 58(2)(d) of the GDPR, requirin...
A green speech bubble depicted on a dark background.

Chatbot Contracts: Enforcing TOS Agreements in Computer-Generated Conversations

[Although the rise of generative AI and large language models may seem novel, regulation of chatbots extends back years. To demonstrate, here is an article originally published by Metaverse Law's founder and president, Lily Li, in the Spring 2017 Orange County ABTL Report.] Humanity has long imagined self-aware computers that can pilot our vehicles, purchase goods, and even sing songs for us, whether as the malevolent Hal in 2001: A Space Odyssey or the spunky Samantha in Her. Though fully sent...
The flag of Washington state, depicting an image of George Washington's face in a yellow circle, with a green background.

An Overview of Washington’s “My Health, My Data” Act

On April 27, 2023, Governor Jay Inslee of Washington signed into law HB 1155, the "My Health, My Data" Act (MHMD Act). The MHMD Act claims to address the lack of protections for health data collected by entities not covered by HIPAA, the federal law that regulates how hospitals, health care providers, and other covered entities can handle health data. To achieve that goal, the MHMD Act was drafted in such a way as to provide sweeping protections that go beyond what most would consider to be pro...
Flag of California, depicting a large brown bear beside a red star, above the words "California Republic."

CPRA regulations finalized and effective immediately

[Update: On March 30, 2023, the California Chamber of Commerce filed suit against the California Privacy Protection Agency, arguing that the amended regulations should not enter force until once year following finalization of the regulations. The court agreed, holding that enforcement cannot occur until one year after the regulations were finalized, thereby pushing the enforcement date from March 29, 2023, to March 29, 2024. The case is being appealed, but it is not expected to be finalized unti...
1 5 6 7 8 9 18