What are the top 5 data privacy concerns for my clients the past couple of months?

Here are some notes I recently compiled for a meeting of Fox Rothschild’s national Privacy Law Practice Group.

Patchwork Paralysis

  • How do you address the new laws popping up in Kentucky, Maryland, and Vermont?
  • How do you get ready for private right of action in Vermont?
  • What are state regulators thinking? Are they looking to each other for enforcement examples? Regulations? Are they considering complaints made by competitors? (Per a recent update at the IAPP Global Privacy Summit, the answers are: “Yes”, “Yes” and “Yes.”)

Federal Privacy Law?

  • What should we know about the APRA?
  • Is it likely to pass? (State AGs are voting: Floor not ceiling.)

Children’s Information

  • New lawsuits are putting edtech companies on notice
  • States, including Maryland and Vermont, are passing age appropriate design codes with many new obligations.
  • New obligations for under 18’s (not just under 16’s as before)

Health information

  • The FTC has been hard at work with two new enforcements.
  • The OCR is also not resting with its guidance that applies to online trackers.


  • FTC says no carve out for AI.
  • Colorado passed the Colorado Artificial Intelligence Act, with a lot of obligations and a focus on algorithmic bias.
  • The OMB passes details memo with obligations for state agencies and government contractors.
  • Illinois proposes amendment re: employee profiling using AI.