U.S. Privacy and Data Protection Updates | Insights | Q2 2025 (Federal Law)

As we reach the middle of 2025, privacy laws continue to evolve at an ever-increasing pace. It is important to remain aware of significant trends shaping the privacy landscape this past quarter.

Ad Data

A growing number of state laws are regulating and restricting the use of personal data for targeted advertising, especially when it comes to minors. Some states are moving to ban targeted ads to children outright, while others are tightening consent requirements and limiting the sale of sensitive data for advertising purposes.

Precise Geolocation

Precise geolocation data is increasingly being swept into the definition of “sensitive data” under new state privacy laws. States are looking towards requiring opt-in consent for collection and use of this type of data, with some states imposing strict minimization and disclosure requirements to prevent misuse of location information.

Minors

Legislators are doubling down on protecting children online, with federal and state bills such as the Kids Online Safety Act (KOSA), which pushes for stricter safeguards, enhanced parental controls, and outright bans on targeted advertising to users under 16. In addition to protecting against certain ad practices, states are also experimenting with age verification requirements and privacy-friendly defaults, aiming to curb harmful content and limit data collection of minors.

Health Data

States are taking cues from Washington’s My Health My Data Act and similar legislation by introducing bills that require explicit consent before collecting or sharing health information, while also banning the sale of sensitive health data to third parties. New proposals also target digital health services, mandating robust security standards, and breach notifications, with some states focusing on confidentiality for mental health and reproductive health data.

Biometrics

Biometric privacy is still gaining traction, with more states considering laws that require written consent before collecting biometric identifiers such as fingerprints or facial scans. New bills are also exploring private rights of action, strict retention limits, and even regulating emerging technologies such as brain-computer interfaces, reflecting a growing wariness of biometric misuse. This follows already high fines and settlements for biometric cases under existing laws.

Staying flexible and adaptable in this shifting environment is essential. As state and federal lawmakers continue to refine privacy protections, businesses should keep a close eye on these trends to ensure compliance and build trust with users.

If your business is looking to stay ahead of evolving privacy requirements, contact us today through our online submission form. Our team regularly assists clients with privacy compliance, and we are ready to guide you and your business through the latest regulatory changes.