U.S. State Privacy Laws

 

Nuanced comprehensive consumer privacy laws have been enacted in the U.S. by state legislatures, with more to come. Understanding their similarities, differences, and interactions with other laws, as well as the accompanying regulatory environment, is no small task.  Sidley provides insight and perspective.  You will also find our convenient tables and a map providing effective dates of the statutes and their amendments. Our Privacy and Cybersecurity lawyers also regularly contribute state law developments to the Sidley AI Monitor.

 

 

Feb 132026

Children’s Privacy in 2026: From Australia’s Under-16 Social Media Ban to a Shift Beyond Notice-and-Consent in the United States

, , ,
Michael C. Hochman, Colleen Theresa Brown, Sheri Porath Rockwell and Ben Cross

Recent developments in children’s privacy and online safety regulation reflect a global shift away from notice-and-consent frameworks toward access restrictions, design mandates, categorical advertising prohibitions, and ecosystem-level age-assurance mechanisms. Using Australia’s under-16 social media ban as a case study, this article examines four converging regulatory trends emerging across the United States, Europe, and the United Kingdom. These developments increasingly affect product design, advertising, and data governance decisions for companies operating consumer-facing digital services.

(more…)

Read more
Michael C. Hochman

Washington, D.C.

michael.hochman@sidley.com

Colleen Theresa Brown

Washington, D.C.

ctbrown@sidley.com

Sheri Porath Rockwell

Century City

sheri.rockwell@sidley.com

Ben Cross

Chicago

bcross@sidley.com

Feb 122026

Reviewing The Legal Landscape Of Social Media For Minors

, ,
Randi Singer and Katie Clemmons
Concerns about the impact of social media on children and adolescents have grown among U.S. lawmakers, parents, and public health officials. While federal oversight remains largely limited to narrow data privacy protections for minors, states have moved to fill the gap with a wave of laws governing minors’ access to and use of social media platforms. Companies should closely track these developments to anticipate new obligations and adapt their policies and procedures on a jurisdiction-by-jurisdiction basis. Read the full article to learn more about emerging state laws, enforcement trends, and practical steps companies can take to prepare.

(more…)

Read more
Randi Singer

New York, Palo Alto

randi.singer@sidley.com

Katie Clemmons

New York

katie.clemmons@sidley.com

Jul 312025

A Mid-Year Privacy Check-In – Important Developments and New Compliance Obligations for Privacy Laws

, , , , , ,
Colleen Theresa Brown, Sheri Porath Rockwell and Sasha Hondagneu-Messner

During the first half of 2025, state legislators and regulators have been working overtime to enact new data privacy laws and expand existing laws, all of which are likely to have an impact on businesses in the remainder of the year and into 2026.  These efforts reflect key themes such as increased regulation of teen data and social media platforms, enhanced restrictions on the collection and sale of geolocation and biometric data, simplified opt-out mechanisms for tracking technologies, and broader obligations concerning consumer health data and data minimization. In parallel, significant regulatory activity surrounding AI has emerged, including a new federal AI Action Plan and proposed amendments to the CCPA addressing automated decision-making technologies, alongside a wave of new state AI laws.

(more…)

Read more
Colleen Theresa Brown

Washington, D.C.

ctbrown@sidley.com

Sheri Porath Rockwell

Century City

sheri.rockwell@sidley.com

Sasha Hondagneu-Messner

New York

shondagneumessner@sidley.com

Jul 292025

California Privacy Protection Agency Advances Substantial Rulemaking – Cyber Audits, Risk Assessments, New Automated Decisionmaking Technologies Rights, and More

, , , , , ,
Sheri Porath Rockwell, Colleen Theresa Brown, Thomas D. Cunningham, Sasha Hondagneu-Messner and Stephanie Y. Lim

The California Privacy Protection Agency (Agency) on Thursday, July 24, 2025, approved a comprehensive set of new California Consumer Privacy Act (CCPA) regulations that the Agency has been developing for over four years. Before taking effect, the proposed regulations must still be approved by California’s Office of Administrative Law (OAL). It is possible some of these provisions may change with the OAL’s review, which must be completed within 30 business days after the Agency submits to the OAL its final rulemaking package. However, many expect that most of the proposed regulations will pass OAL review. If approved, several of the proposed regulations would be effective as of January 1, 2026. (more…)

Read more
Sheri Porath Rockwell

Century City

sheri.rockwell@sidley.com

Colleen Theresa Brown

Washington, D.C.

ctbrown@sidley.com

Thomas D. Cunningham

Chicago

tcunningham@sidley.com

Sasha Hondagneu-Messner

New York

shondagneumessner@sidley.com

Stephanie Y. Lim

New York

stephanie.lim@sidley.com

Jun 122024

An Artificial Intelligence, Privacy, and Cybersecurity Update for Indian Companies Doing Business in the United States and Europe

, , , , , , ,
William RM Long, Ash Nagdev and Colleen Theresa Brown

Pivotal shifts have occurred in global data privacy, artificial intelligence (AI), and cybersecurity from executives facing more pressure to monitor their organizations’ cybersecurity operations, to an unprecedented wave of consumer data privacy laws and rapid advancements in AI technology use and deployment. Indian organizations should establish best practices to address these new (and emerging) laws, regulations, and frameworks.

(more…)

Read more
William RM Long

London

wlong@sidley.com

Ash Nagdev

Palo Alto

anagdev@sidley.com

Colleen Theresa Brown

Washington, D.C.

ctbrown@sidley.com