State Attorneys General

Subscribe to State Attorneys General via RSS

A bipartisan coalition of 44 state attorneys general has formally objected to the House version of the Kids Internet and Digital Safety Act (H.R. 7757), urging congressional leaders to reject the legislation in favor of its Senate counterpart. The coalition sent a letter to key lawmakers arguing that the House bill undermines state

After attempting to amend its first-in-the-nation AI law for two years and three legislative sessions, on May 9, 2026, the Colorado legislature passed SB 26-189. It now awaits the governor’s signature and is expected to be signed into law, which will go into effect January 1, 2027.

SB 26-189 replaces the original law’s broad

State privacy enforcement is entering a new phase, and Connecticut is quickly becoming a jurisdiction to watch.  In its third annual Connecticut Data Privacy Act (CTDPA) enforcement report, the Office of Attorney General William Tong disclosed for the first time that it has opened multiple active investigations into how messaging platforms, gaming services, and AI

Two customers shopping for the same product on the same website at the same time may see two different prices.  This scenario is a growing reality in today’s data-driven marketplace, and California regulators are paying attention.  On Data Privacy Day 2026, California Attorney General Rob Bonta announced a new investigative sweep targeting “surveillance pricing”—a practice

On February 21st, the California Attorney General (AG) Rob Bonta announced a settlement with DoorDash for violations of the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA) relating to its participation in a marketing co-operative.  This action represents only the second public enforcement action since the CCPA went into effect

On February 1, 2024, the Connecticut Office of the Attorney General (“OAG”) submitted to the Connecticut General Assembly its report on the first six months of the Connecticut Data Privacy Act (“CTDPA”).  While the report includes important information about its enforcement efforts to date, the most noteworthy aspect may be its recommendation to the legislature

On October 20, 2022, Texas Attorney General Ken Paxton brought suit in Texas district court against Google for alleged violations of the Texas Capture or Use of Biometric Identifier Act (“CUBI”).  The  petition claims that Google violated CUBI by collecting, analyzing, and storing the facial geometry of individuals who appear in photos that have

On August 24, California Attorney General Rob Bonta announced a $1.2 million settlement with Sephora over allegations that the cosmetic retailer had violated the California Consumer Privacy Act (CCPA).  This first public enforcement action—and subsequent noncompliance letters the Attorney General sent to other retailers—clearly highlight the continued focus of regulators on online tracking practices and opt-out signals such

On October 1, 2022, the Colorado Attorney General‘s Office announced that it had submitted the first draft of its Rules implementing the Colorado Privacy Act.

The draft Colorado Rules run only 38 pages long—in notable contrast to the draft California regulations that run 66 pages (albeit in redline).  Moreover, the draft Colorado Rules address

Colorado has become the third state in the country to pass a comprehensive data privacy law, joining California and Virginia.  Assuming the governor signs—as he is widely expected to do—the Colorado Privacy Act (the “CPA”) will go into effect on July 1, 2023.

Similar to the California and Virginia laws, the CPA affords Colorado “consumers”