On May 26, 2026, a bipartisan coalition of 44 attorneys general (AGs) issued a letter opposing the federal Kids Internet and Digital Safety Act (KIDS Act), H.R. 7757. The AGs assert that the KIDS Act would preempt their ability to enforce child online safety laws at the state level.
Key point: In response to an open records request submitted by Troutman Pepper Locke, the New Jersey Attorney General’s office provided copies of all cure letters sent pursuant to New Jersey’s consumer data privacy law and resolved by the recipient.
As shown by recent enforcement actions in California, including its most recent $12.5 million fine, the risk for companies that are out of compliance with state consumer data privacy laws has never been higher. As more state laws go into effect and cure periods sunset, the risk will only grow. One state where the enforcement risk may be higher is New Jersey.
The New York Attorney General’s (AG) Office announced a $5 million settlement with Uphold HQ Inc. (Uphold), a cryptocurrency platform that allows users to buy, sell, and trade digital assets. The settlement resolves allegations that Uphold misleadingly promoted Cred Inc.’s now‑bankrupt investment product, CredEarn, to its customers as a safe, savings‑style vehicle.
On April 13, 2026, Virginia Governor Abigail Spanberger signed SB338 into law, amending Virginia’s Consumer Data Protection Act (VCDPA) to prohibit controllers of personal data from selling consumers’ precise geolocation data. This ban, which takes effect on July 1, 2026, makes Virginia the third state in recent years to prohibit the sale of such data and reflects a trend that is likely to continue. Somewhat surprisingly, Virginia was the second state, behind California, to enact a comprehensive consumer privacy law and is continuing within that vein with this early expansion of privacy rights.
A federal court in Michigan significantly narrowed Michigan Attorney General (AG) Dana Nessel’s privacy and consumer protection case against Roku, Inc. (Roku) dismissing all non-Children’s Online Privacy Protection Act (COPPA) claims for lack of standing while allowing the state’s privacy claims under COPPA to proceed. The decision highlights COPPA’s utility as a vehicle for state AGs to bring enforcement actions in federal court, while also underscoring the jurisdictional limits on bringing companion state privacy and consumer protection claims in the same forum.
On March 16, 2026, New York Attorney General (AG) Letitia James rallied in support of the “One Fair Price Package” — a pair of bills aimed at curbing algorithmic and surveillance pricing in New York. Together, the bills would prohibit the use of personalized algorithmic pricing based on consumer data, ban electronic shelf labels in large food and drug retailers, and create robust enforcement mechanisms and private rights of action. The announcement from New York comes shortly after New Jersey Governor Mikie Sherrill backed legislation to ban what she has called “surveillance” pricing, and after California Attorney General Rob Bonta announced an investigative sweep focused on businesses that use consumer data to individualize prices for their goods or services earlier this year.
Register Here
Thursday, March 26 • 12:00 – 1:00 p.m. ET
Gene Fishel will be speaking on the “Cyber Threats – Are You Prepared?” webinar, being held on March 26.
Join professionals from McGriff, the US Secret Service, Troutman Pepper Locke, and A.B. Data to learn more about fraud and cybercrimes. Organizations of all sizes
State attorneys general (AGs) are among the most active and influential regulators in the U.S., using broad statutory authority, political visibility, and growing technical knowledge to shape policy and enforcement across sectors. In 2025, they asserted their authority to shape the legal and regulatory environment across the U.S. through aggressive and coordinated action. Despite changing
Key point: With a new governor taking office in New Jersey later this month, the fate of rules proposed last year to implement the New Jersey Data Privacy Act (NJDPA) will be decided by the incoming administration.
In this episode of our special 12 Days of Regulatory Insights podcast series, Ashley Taylor, co-leader of Troutman Pepper Locke’s State AG team, sits down with Privacy and Cyber chair Ron Raether to discuss how state attorneys general (AGs) are shaping the regulatory landscape for social media and the broader ad tech ecosystem.