So. Many. New. Bills. March was a doozy in terms of States launching new privacy bills either for the first time or to amend previously written bills. Even a law got some amendments before its official effective date. Craziest thing of all to happen is Privacy Lawls has surpassed 2,000 downloads! Not bad for a podcast about Privacy Policies.
Let’s get into it!
Table of Contents
What’s new in privacy?
Below are some of the most notable news in privacy from this month:
- Kentucky amends privacy law. The Governor of Kentucky signed a new bill (HB473) that amends the State’s privacy law (HB15). The amendments reduce the thresholds for which types of businesses will need to comply with Kentucky’s privacy law, exempt information collected by a health care provider covered by HIPAA, and require controllers to conduct and document data protection impact assessments in certain circumstances. Read more here.
- Amazon no longer allows Echo users to opt out of sending recordings to the company. Beginning on March 28, Amazon stopped the “Do Not Send Voice Recordings” option that kept audio records from Echo being sent to Amazon. Amazon stated that this feature was disabled due to the fact that it was used by very few customers. Learn more here.
- Texas investigating DeepSeek for alleged privacy law violations. The Government of Texas is investigating DeepSeek, alleging that the platform “appears to be no more than a proxy for the Chinese Communist Party to undermine American AI dominance and steal the data of American citizens.” Read more here.
- Meta considers subscription service in the UK. After a UK lawsuit over the use of personal data for targeted ads by Facebook, Meta is considering rolling out an ad-free subscription service in the UK. Meta launched a similar ad-free service in the European Union in 2023, following a ruling by the European Court of Justice. Learn more here.
- 23andMe bankruptcy raises privacy concerns. The genetic testing company 23andMe has filed for Chapter 11 bankruptcy and is now seeking a buyer. While the company has assured customers that their sensitive genetic data will be protected, privacy advocates and customers are nervous that the purchasers of the company may not apply the same data protection and privacy standards. Learn more here.
- ChatGPT allegedly hallucinates that a man killed his sons. NOYB filed a complaint with the Norwegian Data Protection Authority after a man asked ChatGPT who he is. Allegedly, ChatGPT answered with a false story that the man was accused and later convicted of murdering his two sons, as well as for attempted murder of his third son. Interestingly, the number and gender of the children, and the name of his hometown were correct while the rest of the information was false. Read more here.
- European Commissions proposes UK adequacy deadline extension. Currently, the deadline for UK adequacy is set for June 27th but the proposed extension would move the deadline to December 27th. Learn more here.
- Mozilla rewrites FireFox Terms of Use after privacy backlash. Critics alleged that Mozilla’s new Terms asked users for rights to whatever data they input into the browser or upload, which some worried could be sold to advertisers or AI companies. After this backlash, Mozilla rewrote its Terms to more clearly reflect how Mozilla uses data. Learn more here.
- CPPA privacy settlement with Honda. The California Privacy Protection Agency settled with American Honda Motor Co. for a $632,500 fine over alleged privacy violations. The CPPA alleged that Honda violated California’s privacy law by requiring consumers to provide more information than was necessary to exercise their privacy rights, requiring consumers to directly confirm that they have designated an authorized agent, failing to implement a cookie consent tool that provides a symmetrical choice for opting out of the sale or sharing of personal information, and failing to execute written contracts with advertising companies to whom it sold, shared and/or disclosed consumer personal information. Read more here.
- ChatGPT exploit used by threat actors. A vulnerability that was found in ChatGPT a year ago is being used by threat actors affecting the United States. There were over 10,000 attack attempts in a single week and 35% of the organizations analyzed are unprotected. Read more here.
What privacy bills are we tracking?
As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.
- Arkansas – AR SB258;
- Georgia – GA SB111;
- Hawaii – HI SB1037;
- Illinois – IL HB3385;
- Illinois – IL SB3517;
- Illinois – IL SB52;
- Illinois – IL HB3041;
- Maine – ME HB710/HB1088;
- Maine – ME HB799;
- Massachusetts – MA SB33;
- Massachusetts – MA HB104;
- New York – NY S2277;
- New York – NY SB365;
- New York – NY SB3162;
- New York – NY AB4374;
- North Carolina – NC – HB462;
- North Carolina – NC – SB757;
- Oklahoma – OK H1012;
- Pennsylvania – PA HB78;
- Pennsylvania – PA SB112;
- Vermont – HB208;
- Vermont – SB93; and
- West Virginia HB2953
Events
Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals:
- Harnessing DataMaps’ Potential for AI, Regulatory and Business Success – April 8, 2025;
- Mapping AI Governance Requirements to Technical Controls – April 30, 2025;
- Privacy Engineering and the Benefits It Brings to Your Organization – May 21, 2025.
Conclusion
If you’re still here, be sure to keep an eye out for the next episode of Privacy Lawls where we discuss how modern cars are spying on you… like all the time. And how you can maybe put an end to that.
