On September 29, 2025, California Governor Gavin Newsom signed into law Senate Bill 53, the Transparency in Frontier AI Act (TFAIA), the first-of-its-kind AI legislation in the U.S. that will require large AI developers to publicly disclose how they plan to mitigate potentially “catastrophic risks” posed by advanced frontier AI models. The law builds
The Data Advisor
Unique Insights on Privacy and Data Protection Worldwide
Latest from The Data Advisor - Page 2
U.S. Federal Court Allows CIPA Class Action Against AI Customer Service Provider to Proceed
On August 11, 2025, the U.S. District Court for the Northern District of California denied a motion to dismiss a California Invasion of Privacy Act (CIPA) class action lawsuit filed against ConverseNow Technologies, Inc. ConverseNow offers restaurants an AI-powered virtual assistant to process and manage customer phone calls, drive-thru orders, and text messaging conversations. In…
CPPA Approves New CCPA Regulations on AI, Cybersecurity, and Risk Governance, and Advances Updated Data Broker Regulations
On July 24, 2025, the California Privacy Protection Agency (CPPA) Board voted to approve a long-awaited rulemaking package imposing substantial new compliance obligations on businesses subject to the California Consumer Privacy Act (CCPA). The package contains finalized rules on AI-related, automated decision-making technologies (ADMT), cybersecurity audits, and risk assessments, as well as updates to existing…
White House Releases America’s AI Action Plan
On July 23, 2025, the White House announced its long-awaited comprehensive AI Action Plan titled “Winning the AI Race: America’s AI Action Plan” (the Plan). The Plan is aimed at positioning the U.S. as the global leader in AI and is a follow up to President Donald Trump’s January 23, 2025, Executive Order on “Removing…
European Commission Publishes DSA Guidelines on the Protection of Minors Online
On July 14, 2025, the European Commission (EC) published its guidelines (the Guidelines) on the protection of minors online. These Guidelines, which were initially released for consultation in May 2025, provide direction for online platforms on the steps they can take to comply with their duties to protect the privacy, safety, and security of minors…
EU Releases Final Code of Practice for General-Purpose AI Models
On July 10, 2025, the European Commission (EC) published the final version of the General-Purpose AI Code of Practice (Code). This voluntary instrument provides guidance on how providers of general-purpose AI models (GPAI), including those posing systemic risks (GPAI-SR), can comply with their obligations under the AI Act, which become applicable on August 2, 2025.…
New York Passes Novel Law Requiring Safeguards for AI Companions
Artificial intelligence (AI) companion apps have been in the news, with Commissioner Melissa Holyoak of the Federal Trade Commission calling for a study on AI companions earlier this month, and lawmakers at the state and federal level voicing concerns about the technologies. In response, New York has enacted the first law requiring safeguards for AI…
Nevada Passes Law Limiting AI Use for Mental and Behavioral Healthcare
On June 5, 2025, Nevada Governor Joe Lombardo signed AB 406, a law regulating the use of artificial intelligence (AI) for mental and behavioral healthcare. AB 406 comes as other states, such as Utah and New York, have taken steps to regulate AI chatbots, including AI chatbots providing mental health services. AB 406…
HHS Announces New Director of Office for Civil Rights: What to Watch from the New Health Privacy Leader
On June 4, 2025, the U.S. Department of Health and Human Services (HHS) announced the appointment of Paula M. Stannard as the Director of the Office for Civil Rights (OCR). As Director, Stannard will lead the enforcement of the Privacy, Security, and Breach Notification Rules under the Health Insurance Portability and Accountability Act of 1996…
CPPA Board Opens Draft Regulations for Public Comment
Key Changes to Upcoming AI, Risk Assessment, and Cybersecurity Regulations
On May 1, 2025, the California Privacy Protection Agency (CPPA) Board met again to discuss updates to the latest draft California Consumer Privacy Act (CCPA) regulations related to automated decision-making technology (ADMT), cybersecurity audits, risk assessments, and an assortment of other updates to existing regulations.…