This paper examines how different state laws define personal information and “sensitive data” – foundational concepts that determine the scope of compliance obligations, regulatory triggers, and individual rights – as the landscape of U.S. privacy regulations continues to evolve in the absence of a federal privacy framework. The paper specifically analyzes common approaches and key […]

Legislation requiring the use of age assurance or age verification measures to promote safe online experiences for children and young people is gaining traction in the United States. At the time of publishing, 21 states have enacted laws with age assurance provisions, but there remains little agreement among states regarding the methods or tools to […]

We published this discussion paper as part of a series on emerging privacy laws in the United States to offer analysis and recommendations to policymakers for safeguarding consumer data privacy and enhancing responsible data practices. First, this paper analyzes the data minimization requirements in US state privacy laws and the proposed American Privacy Rights Act […]

In this paper, we examine requirements regarding automated decisionmaking and profiling included in comprehensive state privacy laws. This report also explores notable state-level AI regulations. Our goal is to help state lawmakers and policymakers in the US advance the principles of privacy and data protection in a more consistent and manageable way. Key recommendations include: […]

With the proliferation of privacy laws across various states in the US, companies with limited budgets and resources are seeking ways to synthesize requirements and harmonize compliance obligations across jurisdictions. To address this challenge, CIPL has launched a project aimed at identifying areas of alignment and divergence between state laws, and examining the compliance challenges […]