Missouri’s attorney general (AG) announced on X.com (formerly Twitter) that he is “issuing a rule requiring Big Tech to guarantee algorithmic choice for social media users.” [X.com post (January 17, 2025, roughly 3:35 p.m. EST)] He intends to use his authority “under consumer protection law,” known as the Missouri Merchandising Practices Act in that state, “to ensure Big Tech companies are transparent about the algorithms they use and offer consumers the option to select alternatives.” [x.com post] The Missouri AG touts this rule as the “first of its kind” in an “effort to protect free speech and safeguard consumers from censorship.” [Press release]

On January 9, New Jersey Attorney General (AG) Matthew J. Platkin and the Division on Civil Rights (DCR) launched a new Civil Rights and Technology Initiative aimed at addressing the potential for discrimination and bias associated with artificial intelligence (AI) and other decision-making technologies. The announcement is one of many recent examples of AG’s leading the development of AI regulation. The New Jersey initiative is informed by recommendations from Governor Phil Murphy’s Artificial Intelligence Task Force, which emphasized the need for public education on bias and discrimination related to AI deployment.

Published in Law360 on January 15, 2025. © Copyright 2025, Portfolio Media, Inc., publisher of Law360. Reprinted here with permission.

State attorneys general across the U.S. took bold steps in 2024 to address unlawful activities by corporations in several areas, including privacy and data security, financial transparency, children’s internet safety, and other overall consumer protection claims.

Hearings on the merits of the Drug Enforcement Agency’s (DEA) proposed cannabis rescheduling, initially set to begin this month, have been cancelled. The preliminary hearing period has been littered with accusations that the DEA improperly excluded certain parties from participating, that the DEA itself does not adequately support rescheduling, and that the DEA engaged in improper ex parte communications with anti-rescheduling parties.

On January 7, the U.S. Court of Appeals for the Fourth Circuit found that Virginia’s hemp product restrictions do not violate federal law. The ruling is the latest defeat for the Virginia hemp industry’s efforts to overturn Virginia S.B. 903, a law intended to prohibit the sale of intoxicating hemp products like delta-8 and delta-10 tetrahydrocannabinol (THC) gummies and beverages in the Commonwealth.

The U.S. Supreme Court closed out 2024 by confirming states’ authority to regulate internet service providers. On December 16, 2024, the Court denied certiorari in New York State Telecommunications Association, Inc., et al. v. Attorney General Letitia James, Case No. 21-1975, allowing New York’s Affordable Broadband Act (ABA) to stand.

On January 6, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published significant proposed amendments (proposed rule) to the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Key drivers for the proposed rule include the dramatic increase in cyberattacks, including ransomware, the rapid adoption of cloud computing, mobile devices, and other technologies, and inconsistent compliance with the existing Security Rule identified by the OCR’s investigations.