by Avi Gesser, Johanna Skrzypczyk, Michael R. Roberts, and Alessandra G. Masciandaro
2023 has arrived, and with it comes a novel patchwork of privacy requirements arising out of comprehensive state privacy laws that have been adopted (or amended) by legislatures in California, Virginia, Colorado, Connecticut and Utah. Although privacy practitioners have been busy analyzing these laws and assisting clients with compliance efforts, rulemaking in California and Colorado has made this a moving target. We’ve previously blogged about how companies can prepare for these laws, and how enforcement and guidance under the GDPR might shed light on how some of these laws will be applied. In this series of posts, we will track key rulemaking developments as well as trends in compliance efforts, with practical takeaways for covered companies to consider as these laws, and the regulatory expectations around them, mature.