Data Privacy
By Leslie Veloz
On October 13th, 2025, Governor Gavin Newsom signed into law AB 853, which amends the California Artificial Intelligence Transparency Act (AI Transparency Act (SB 942)), a law placing obligations on makers of generative AI systems aimed at increasing transparency to allow individuals to more easily assess whether digital content is generated or modified using AI.
Read MoreOn Oct. 13, 2025, California Governor Gavin Newsom signed into law Senate Bill 243 – Companion Chatbots. SB 243, authored by Senator Steve Padilla, requires operators of companion chatbot platforms to notify users that the chatbot is AI, provide specific disclosures to minors, and restrict harmful content. The law also includes a private right of action.
Read MoreOn October 13th, 2025, Governor Newsom signed the Digital Age Assurance Act (AB 1043) into law. Introduced by co-authors Assembly Member Buffy Wicks and Senator Tom Umberg, the law establishes age-assurance requirements for computer and mobile operating system providers and app stores as well as app developers with an aim to protect children’s online safety. The Digital Age Assurance Act enters into effect on January 1, 2027.
Read MoreOn October 8, 2025, California Governor Gavin Newsom signed into law Assembly Bill 656 — Account Cancellation. AB 656, authored by Assembly member Pilar Schiavo, focuses on social media platforms and requires them to provide users with a clear and accessible way to delete their accounts. This action must also trigger the complete deletion of the user’s personal data.
Read MoreOn October 8, 2025, California’s Governor Newsom signed AB 566—the California Opt Me Out Act—into law. The California Opt Me Out Act, using the same definitions as the CCPA, requires any business that develops or maintains an internet browser to build in an opt-out preference signal (“OOPS”) functionality. The law takes effect on January 1, 2027.
Read MoreOn October 8, 2025, Governor Gavin Newsom signed SB 361 into law. Introduced by Senator Josh Becker, the bill amends California’s Data Broker Registration Law (and amendments to the law under the Delete Act) with additional disclosure requirements for data brokers.
Read MoreBy Emily Litka
This is the second in a series of blog posts about the DOJ Rule regarding Access To U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons (the “DOJ Rule”). It provides an overview of one of the categories of data that is in scope under the DOJ Rule: bulk U.S. sensitive personal data.
Read MoreOn September 29, 2025, California Governor Gavin Newsom signed the Transparency in Frontier Artificial Intelligence Act (TFAIA). Authored by Senator Scott Wiener, TFAIA follows the release of the Governor’s California Report on Frontier AI Policy, which was drafted by the Joint California Policy Working Group on AI Frontier Models.
Read MoreOn September 30th, the IAPP (formerly the International Association of Privacy Professionals) released its EU Digital Laws Report 2025, a comprehensive analysis explaining and synthesizing the requirements of core EU digital laws. The report aims to provide a resource to help the broadest possible class of organizations, platforms, and developers comply with the Data Governance Act, the Data Act, the Digital Markets Act, the Digital Services Act, the EU AI Act, and the NIS2 Directive.
Read MoreBy Hansenard Piou and Sam Castic
This is the first in a series of blog posts about the DOJ Rule regarding Access To U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons (the “DOJ Rule”). It provides a high-level overview of the kinds of cross-border data transfers that are regulated by the DOJ Rule. Future blog posts will more closely examine the DOJ Rule, its requirements, potential impacts, and strategies to address compliance.
Read MoreHintze Law PLLC is excited to announce that Clara De Abreu E Souza has joined the firm as a first-year Associate in the Seattle office.
Read MoreThis year, eight of Hintze Law’s attorneys have been recognized by Best Lawyers® across a variety of categories, marking a significant milestone for the firm. Every one of our associates earned recognition, reflecting both the breadth of talent within our team and the dedication each attorney brings to their practice.
Read MoreBy Sam Castic
The California Privacy Protection Agency (CPPA) has adopted final regulations on privacy risk assessments, cybersecurity audits, and automated decisionmaking technology (ADMT), as well as amendments to existing CCPA regulations. Final publication of the regulations is pending review by the Office of Administrative Law, and depending on when that occurs, the regulations will likely take effect 10/1/2025 or 1/1/2026. Some key concepts from these regulations, and actions to consider, are below.
Read MoreBy Mason Fitch and Kate Black
The California Attorney General’s Office (“OAG”) announced an enforcement action against Healthline.com on July 1 that marks a significant development in California Consumer Privacy Act (CCPA) enforcement. This action, accompanied by the largest fine under CCPA yet at $1.55 million, highlights critical areas of consideration for any company engaging in the advertising ecosystem as well as any company that processes sensitive personal information.
Read Moreby Cameron Cantrell and Felicity Slater
On June 19, 2025, the U.S. District Court in the Northern District of Texas vacated the vast majority of the HIPAA Privacy Rule to Support Reproductive Health Care Privacy (the “HIPAA Reproductive Privacy Rule” or “Rule”). The Department of Health and Human Services (“HHS”) published the Rule in the Federal Register in April 2024 with a compliance date of December 23, 2024. The District Court’s decision to vacate the reproductive privacy aspects of the Rule has an immediate and nationwide effect.
Read MoreHintze Law PLLC is delighted to announce the Chambers & Partners recognition of Susan Hintze, Mike Hintze, Sam Castic, and Mason Fitch in its USA Guide 2025. These recognitions include the firm’s sixth year being nationally ranked in Privacy and Data Security, and third year in Privacy & Data Security: Healthcare.
Read Moreby Felicity Slater and Susan Hintze
On April 16, 2025, the California Privacy Protection Agency (CPPA) and state Attorneys General from California, Colorado, Connecticut, Delaware, Indiana, New Jersey, and Oregon announced the formation of the bipartisan "Consortium of Privacy Regulators." The focus of the Consortium will be to foster multi-state coordination, including sharing of expertise and resources, in investigation of potential violations of and enforcement of their state's respective comprehensive privacy laws.
Read MoreBy Sam Castic
On Friday April 11, 2025, the DOJ released a Compliance Guide and more than 100 FAQs on the Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons Rule (the “DOJ Rule”). It also released an Implementation and Enforcement Policy, which indicates it will not prioritize enforcement against companies making good faith efforts to comply until July 8, 2025.
Read Moreby Cameron Cantrell and Felicity Slater
On March 24, 2025, Governor Youngkin (R) of Virginia signed SB 754—which amends the Virginia Consumer Protection Act (VCPA) to restrict the collection and processing of “reproductive or sexual health information” and is enforceable through a private right of action—into law. The law will take effect July 1, 2025.
Read More
