State Law Updates

State Privacy Regulators Announce Formation of Collaboratory Consortium

in , ,

On April 16, 2025, the California Privacy Protection Agency (CPPA) and state Attorneys General from California, Colorado, Connecticut, Delaware, Indiana, New Jersey, and Oregon announced the formation of the bipartisan "Consortium of Privacy Regulators." The focus of the Consortium will be to foster multi-state coordination, including sharing of expertise and resources, in investigation of potential violations of and enforcement of their state's respective comprehensive privacy laws. 

The press release quotes Michael Macko, the CPPA’s head of enforcement, observing that CPPA officials have “seen firsthand how misuse of data can harm Californians, whether it's information about their health, location, kids, identity, and more.” This suggests that sensitive personal information — including health information, kids’ data, and precise location data, which have taken center stage for new privacy laws and enforcement in recent years — is likely to be a priority for the Consortium. 

While state privacy law enforcers have been open about engaging in informal information-sharing for years and some have even coordinated multi-state settlement negotiations, the formation of the Consortium marks the first formalization of such collaboration in the privacy context and may signal a potential uptick of multistate privacy enforcement action. This possibility is significant for businesses, whose potential liability may increase in the context of more coordinated lawsuits and settlement negotiations brought under the comprehensive privacy laws of multiple states. In the past, coordinated efforts among state enforcers have tended to yield high combined settlement amounts

State enforcement collaboration may also be intended to address a commonly cited concern with state level privacy enforcement: that State Attorney Generals offices lack resources to engage in robust investigation into data collection and use practices. Such collaboration could indicate that state enforcement authorities are gearing up to increase their privacy-related enforcement activity in response to a perceived de-prioritization of privacy issues at the federal level, including at the Federal Trade Commission

Notably, Texas — which has emerged as one of the most active state privacy regulators — is not a Consortium member. 

Hintze Law PLLC is a Chambers-ranked and Legal 500-recognized, boutique law firm that provides counseling exclusively on global privacy, data security, and AI law. Its attorneys and data consultants support technology, ecommerce, advertising, media, retail, healthcare, and mobile companies, organizations, and industry associations in all aspects of privacy, data security, and AI law.

Felicity Slater is an Associate at Hintze Law PLLC representing companies on AI, privacy, and cybersecurity issues.

Susan Hintze is Co-Managing Partner at Hintze Law PLLC. Recognized by Chambers, Legal 500, & Best Lawyers, Susan and her firm are leaders in their field. Susan serves on the International Association of Privacy Professionals (IAPP) Board of Directors and is an IAPP Westin Emeritus Fellow. She is also co-chair of the firm’s Regulatory Defense Group.

Virginia Governor Signs Reproductive Health Data Restrictions into Law

in , ,
Virginia Governor Signs Reproductive Health Data Restrictions into Law

by Cameron Cantrell and Felicity Slater 

On March 24, 2025, Governor Youngkin (R) of Virginia signed SB 754—which amends the Virginia Consumer Protection Act (VCPA) to restrict the collection and processing of “reproductive or sexual health information” and is enforceable through a private right of action—into law. The law will take effect July 1, 2025. 

Read More

Hintze Global Privacy and Security Updates

in ,

Hintze Law continuously tracks privacy and security updates around the world to bring you a regular update of the latest developments. Below is a snapshot of updates from the last month. If you missed our last round of updates, you can find those here.

Read More