State privacy enforcement is entering a new phase, and Connecticut is quickly becoming a jurisdiction to watch. In its third annual Connecticut Data Privacy Act (CTDPA) enforcement report, the Office of Attorney General William Tong disclosed for the first time that it has opened multiple active investigations into how messaging platforms, gaming services, and AI
Latest from CyberAdviser
What to Expect in AI Regulation in 2026
The past year set up a clear clash between federal deregulatory efforts and state-level AI rulemaking, and 2026 is poised to be the year that conflict materializes in earnest. The Trump Administration signaled a strong preference for scaling back AI-specific rules while exploring avenues to preempt state and local measures, even as a growing number
New York Governor Vetoes NY Health Privacy Act
On December 19, 2025, New York Governor Kathy Hochul vetoed the New York Health Information Privacy Act (NY HIPA), a health data privacy bill that would have afforded consumer protections to non-HIPAA health data.
Although NY HIPA resembled existing laws, like Washington’s My Health My Data Act, it had several important differences that would have
FDA Issues Guidance on AI for Medical Devices
The Food and Drug Administration (FDA) issued final guidance Monday that explains how medical device manufacturers can use a Predetermined Change Control Plan (PCCP) to update AI-enabled device software functions (AI-DSFs) after clearance or approval without submitting a new marketing application for each covered change.
The guidance is a practical how‑to for getting the FDA
DAA Launches AI-Focused Review of Interest-Based Advertising Self-Regulatory Principles
On June 4, 2025, the Digital Advertising Alliance (“DAA”), the self-regulatory body that sets and enforces privacy standards for digital advertising, announced it is launching a process to determine if it is necessary to issue new guidance to address how the DAA’s Self-Regulatory Principles apply to the use of artificial intelligence systems and tools that
Court Issues First Decision on AI and Fair Use
Recently, a federal court issued the first ruling on the closely watched issue of fair use in copyright infringement involving AI. The court ruled in favor of the plaintiff on its direct infringement claim, and ruled that the defendant’s use of plaintiff’s material to train its AI model was not a fair use.
The Upshot
CFPB Finalizes Open Banking Rule
On October 22, 2024, the Consumer Financial Protection Bureau (“CFPB”) issued its final rule implementing Section 1033 of the Dodd-Frank Act (the “Final Rule” or the “Open Banking Rule”), granting consumers greater access rights to the data their financial institutions hold. Although there are some differences, the Final Rule largely tracks the Proposed Rule announced
The FTC Announces New Enforcement Actions Against Certain Businesses for Engaging in “Deceptive AI” Practices
As part of a new enforcement initiative called “Operation AI Comply,” the FTC recently announced that it has brought the following five enforcement actions against businesses that use or sell AI tools in a manner that the FTC has alleged is deceptive and unfair:
A Comparison of AI Regulatory Frameworks
CPPA’s Enforcement Update: New Regulations and Focus Areas
The California Privacy Protection Agency (“CPPA”) discussed at its July 16 meeting new enforcement focuses in addition to current goals. While the new focuses are largely in line with general trends, they also serve as a reminder that specific and nuanced compliance decisions can make a big difference.
As the CPPA has made clear in