Tag Archives: Christine Chong

California’s Legislative Push on AI: A Wave of New Obligations and Prohibitions

by Beth George, Janet Kim, Sean Quinn, Madeline Cimino, and Christine Chong

Photos of authors

From left to right: Beth George, Janet Kim, Sean Quinn, Madeline Cimino, and Christine Chong (Photos courtesy of Freshfields Bruckhaus Deringer LLP)

California Governor Gavin Newsom recently signed into law a wave of legislation – totaling 19 laws – addressing the opportunities and risks of AI and placing California at the forefront of AI regulation in the United States. From election integrity to performer rights and healthcare transparency, the state has enacted measures aimed at managing potential negative impacts of the AI boom. At the same time, Governor Newsom vetoed SB 1047, the most comprehensive bill on his desk, signaling his interest in balancing the need for regulation to promote the safe deployment of AI with an interest in fostering growth in this important new sector of the California tech economy.

Continue reading

Does California’s Delete Act Have the “DROP” on Data Brokers?: Updates and Insights from the Recent Stakeholder Session

 by Christine E. Lyon, Christine Chong, Jackson Myers, and Ortal Isaac

Photos of the authors

From left to right: Christine E. Lyon, Christine Chong and Jackson Myers. (Photos courtesy of Freshfields Bruckhaus Deringer LLP)

The California Delete Act will make it easier for California consumers to request deletion of their personal information by so-called “data brokers,” a term that is much broader than companies may expect (see our prior blog post here). In particular, the Delete Act provides for a universal data deletion mechanism—known as the Data Broker Delete Requests and Opt-Out Platform, or “DROP”—that will allow any California consumer to make a single request for the deletion of their personal information by certain, or all, registered data brokers. In turn, by August 2026, data brokers will be required to regularly monitor, process, and honor deletion requests submitted through the DROP.

While the DROP’s policy objectives are fairly straightforward, it is less clear how the DROP will work in practice. For example, what measures will be taken to verify the identity of the consumer making the request, to ensure that the requesting party is the consumer they claim to be? What measures will be taken to verify that a person claiming to act as an authorized agent for a consumer actually has the right to request deletion of that consumer’s personal information? Unauthorized deletion of personal information may result in inconvenience or even loss or harm to individuals, which raises the stakes for the California Privacy Protection Agency (CPPA) as the agency responsible for building the DROP.

Continue reading