Businesses are working toward compliance with Maryland’s comprehensive privacy law, despite its differences with 19 other states' comprehensive privacy laws, two McNees privacy attorneys said in an interview with Privacy Daily on Monday. Devin Chwastyk, who co-chairs the firm’s privacy and data security group, predicted “the phone will start ringing with more vigor” as the Maryland Online Data Privacy Act’s April 1 “enforcement deadline approaches.” In addition, he said MODPA may signal the end of “cookie-cutter” state privacy bills.
It’s best to avoid building privacy compliance programs around specific regulations or treating customers differently by region, Iman Saleh, Airbnb senior manager of AI privacy architecture said during a panel at the Risk Digital Global virtual conference Thursday. “Generalize when possible" and "work within the spirit of the law, not the letter of the law,” she said.
States are passing a large variety of laws to regulate AI, with some, like Colorado, taking a comprehensive approach and others, like California, targeting specific issues such as discrimination and employment, Vedder Price attorney Michael Kurzer observed Thursday on a panel at the Risk Digital Global virtual conference. Also, the lawyer said he sees “strong overlap between regulation of privacy and the issues that we're focused on now with AI.”
If the last three years in state privacy "was really the bill-passing phase,” then 2026 “might be the year of enforcement,” said DBR Tech Law’s Nicole Sakin McNeill on a Wednesday webinar by Privado, a privacy compliance vendor.
California Privacy Protection Agency (CalPrivacy) fines for Delete Act violations next fall could rise from tens of thousands of dollars to tens of millions of dollars -- at least -- with no room for negotiation on total penalties, panelists said on a webinar by consumer privacy vendor Reklaim on Wednesday. In addition, many more companies may be considered data brokers covered by the law than realize it now, they said.
Expect 2026 to be “an extremely active year around AI” in state legislatures next year, regardless of President Donald Trump’s expected executive order to curb state AI bills, National Conference of State Legislatures CEO Tim Storey said on a Tuesday webinar with reporters. Trump said Monday he will issue an order blocking state AI regulation through national standards (see 2512080056).
Consumer advocates released a model bill on AI chatbots Tuesday that aims to address growing privacy concerns around the technology. Consumer Federation of America, Electronic Privacy Information Center (EPIC) and Fairplay have already shared the "People-First Chatbot Bill" with lawmakers in several states and plan to talk to more legislators soon, EPIC counsel Kara Williams told Privacy Daily.
New York senators delivered a controversial New York health data privacy bill to Gov. Kathy Hochul (D) on Monday, nearly a year after it quickly passed the legislature back in January (see 2501280023). Transmission of S-929 gives Hochul 10 days to decide its fate, a spokesperson for the governor's office said Tuesday. “The Governor will review the legislation."
Vermont could next year join California in requiring browsers to include an option for activating global opt-out preference signals (OOPS). Rep. Monique Priestley (D), who also will be pursuing a comprehensive privacy bill and at least one data broker measure (see 2512040015), has a draft bill pending on “Browser Opt-Out,” among many other bills about data and AI, according to Priestley’s webpage as updated Friday.
Vermont Rep. Monique Priestley (D) will push again for comprehensive privacy legislation -- and probably one of two data broker bills -- when the legislature returns Jan. 8, she said in an interview last week with Privacy Daily. A series of town halls yielded much public excitement for privacy protections and potential new support from small businesses next year, said Priestley, who also will be running for state senator in 2026 (see 2510290024).