On May 26, 2026, a bipartisan coalition of 44 attorneys general (AGs) issued a letter opposing the federal Kids Internet and Digital Safety Act (KIDS Act), H.R. 7757. The AGs assert that the KIDS Act would preempt their ability to enforce child online safety laws at the state level.
Key point: In response to an open records request submitted by Troutman Pepper Locke, the New Jersey Attorney General’s office provided copies of all cure letters sent pursuant to New Jersey’s consumer data privacy law and resolved by the recipient.
As shown by recent enforcement actions in California, including its most recent $12.5 million fine, the risk for companies that are out of compliance with state consumer data privacy laws has never been higher. As more state laws go into effect and cure periods sunset, the risk will only grow. One state where the enforcement risk may be higher is New Jersey.
In this episode of Regulatory Oversight, host Ashley Taylor continues the multipart series on artificial intelligence with colleagues Ghillaine Reid, David Stauss, and Matt Berns for a practical look at how states are actually regulating AI in 2025-26. Framed through a consumer protection lens, the discussion moves beyond theoretical federal proposals to real bills and regulations moving through state legislatures today.
In this episode of Regulatory Oversight, host Ashley Taylor is joined by Colorado Senate Majority Leader Robert Rodriguez and Troutman Pepper Locke Privacy + Cyber partner David Stauss for an in‑depth discussion of the Colorado AI Act — widely viewed as the nation’s first comprehensive legislative framework focused on high‑risk AI systems and algorithmic discrimination. Senator Rodriguez explains how Colorado’s work on consumer privacy laid the groundwork for AI regulation and walks through the origins, goals, and core provisions of the Act, including its emphasis on transparency, risk assessments, and protecting consumers in sectors such as employment, housing, health care, education, finance, and government services.
Key point: The investigative sweep is part of a growing multistate approach to privacy enforcement actions.
On September 9, the California Privacy Protection Agency (CPPA) announced that it has initiated a joint regulatory sweep in collaboration with attorneys general (AG) from California, Colorado, and Connecticut. The sweep will target businesses’ compliance with legal requirements associated with recognition of opt-out preference signals (OOPS) and universal opt-out mechanisms (UOOMs) that consumers can use to exercise their right to opt out of online tracking technologies (i.e., targeted advertising, sales, or sharing).