March 19, 2025

U.S. Privacy and Data Protection Updates | Insights | Q1 2025 (State Law)

Portrait Liana Chen
By Liana Chen

Partner

The United States continues to see exponential growth in privacy and data protection laws, and while we are already three months into 2025, businesses and privacy professionals should continue to anticipate incoming privacy and security laws; some are already in effect and others are soon to become enforceable.

State Privacy Law Updates

Comprehensive state privacy laws are already existing in California, Virginia, Connecticut, Colorado, Utah, Texas, Montana, Nevada, Oregon, Delaware, Iowa, Nebraska, New Hampshire, and New Jersey. There are also industry or topic specific privacy laws and legislation in various states, including Illinois, Vermont, Florida, and on issues like biometrics, data brokers, and AI.

Moreover, states that have laws that will be effective later in 2025 or 2026 include: Tennessee, Minnesota, Maryland, Indiana, Kentucky, and Rhode Island.

For data brokers in particular, both California and Vermont have data broker registration updates in 2025, with the California Privacy Protection Agency (CPPA) requiring annual registration by January 31st and reporting of certain privacy metrics by July 1st (with other requirements in 2026), and Vermont's House Bill 211 that would mandate registration with the Secretary of State. Texas and other states also have privacy laws that impact data brokers.

In addition, companies using automated decision-making technology (ADMT), which may include artificial intelligence, processing sensitive data, or collecting or using data certain ways (including data “sales” or “sharing”) should take note of California’s rulemaking efforts involving risk assessments, ADMT notices, and cybersecurity audits (see our prior blog post here).

State Enforcement Trends and Texas Examples

States are cracking down and enforcing these privacy laws, with no intention in slowing down.

For example, the California Attorney General and CPPA have been enforcing the California Consumer Protection Act (CCPA) through public and private investigations and actions.

Furthermore, Texas has established a privacy enforcement team within the Consumer Protection Division of the Texas Attorney General. Their sole objective is to enforce Texas’ privacy laws such as:

  • The Texas Data Privacy and Security Act (TDPSA)
  • The Texas Data Broker Act
  • The Capture or Use of Biometric Identifier Act (CUBI)

Some notable enforceable actions from Texas include:

  • A $1.4 billion settlement with Meta over its alleged unauthorized capture of biometric data, which was the largest settlement to date brought by an individual U.S. state
  • Notifying over one hundred companies that they showed purported failure to comply with the Texas Data Broker Law and lacked measures to protect data of consumers.

Conclusion

As shown by proactive enforcement actions, businesses should not underestimate how critical it is to stay up to date and maintain their data compliance measures. There seems to be no indication that California, Texas, and others will be slowing down efforts and interest in taking legal action.

Kronenberger Rosenfeld, LLP regularly advises clients regarding data and privacy compliance. Contact our firm using our online case submission form.

This entry was posted on Wednesday, March 19, 2025 and is filed under Privacy and Data Protection Updates, Internet Law News.



Related articles

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

U.S. Privacy and Data Protection | Insights | May 2024 (State Law) The California Privacy Protection Agency board recently gathered to revise draft regulations to implement parts of the state's...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

Businesses using tracking services should take note. A class certification decision was recently granted in a lawsuit against Prudential Financial, Inc. regarding website tracking practices. Specifically, the federal court in...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

As many businesses are already aware of the California Consumer Privacy Act (CCPA) in California, it is important to note there are also now dozens of enacted and proposed state...

Read Article

Privacy & Cybersecurity

CCPA Opt-out Buttons as Options for CCPA Compliance

The proverbial dust from the implementation of the California Consumer Protection Act (“CCPA”) has settled. And at this point, most businesses are aware that under the CCPA, California residents have...

Read Article
Get the help you need.

We offer legal advice on a wide range of online topics

Get legal help now

Not seeing what you’re looking for?

Submit your case in 3 minutes and get legal help fast.

Submit your case online

OR

Give us a call
Join our mailing list

Stay ahead of legal matters

The internet moves fast. We'll keep you informed.