On May 29, 2026, the Governor of Louisiana signed into law SB 386, the Louisiana Data Privacy Act (“LDPA”). Louisiana joins Alabama and Oklahoma as the third state to enact a comprehensive privacy law this year. The law will take effect on January 1, 2027.
Continue Reading Louisiana Enacts Comprehensive Privacy LawWhite House Releases Executive Order on Advanced AI Innovation and Security
On June 2, 2026, the White House issued an executive order titled “Promoting Advanced Artificial Intelligence Innovation and Security” (the “Order”). The Order reflects the Administration’s stated policy of advancing U.S. leadership in artificial intelligence (“AI”) while addressing national security risks associated with increasingly capable AI systems. To…
Continue Reading White House Releases Executive Order on Advanced AI Innovation and SecurityIllinois Department of Human Rights Seeks Public Comment on Draft AI Employment Regulations
Last month, the Illinois Department of Human Rights (“IDHR”) released draft regulations addressing employers’ use of AI in employment decisions and invited public comment. The IDHR will hold a hearing on the draft regulations on June 10, and the public comment period will close on June 29.
Background
HB…
Continue Reading Illinois Department of Human Rights Seeks Public Comment on Draft AI Employment RegulationsConnecticut Enacts Omnibus Privacy Law
By Lindsey Tonsager, Laura Kim, Bryan Ramirez & Clare Mathias on
Posted in Consumer Protection, State Privacy
On May 27, 2026, the Connecticut governor signed SB 4, an omnibus privacy law, which among other things, amends the Connecticut Data Privacy Act (“CTDPA”), establishes a data broker registry and accessible deletion mechanism, imposes restrictions on the use of price setting devices and surveillance pricing, and creates requirements for direct-to-consumer genetic testing companies.
Continue Reading Connecticut Enacts Omnibus Privacy LawConnecticut Enacts Genetic Privacy Law
By Libbie Canter, Elizabeth Brim & Clare Mathias on
Posted in Health Privacy
States continue to enact laws regulating genetic data. Since our last update, the Connecticut governor has signed SB 4, an omnibus privacy law which contains provisions regulating direct-to-consumer (“DTC”) genetic testing companies. You can read our full analysis of SB 4 here.
Continue Reading Connecticut Enacts Genetic Privacy LawCISA Releases Guidance on the Careful Adoption of Agentic AI Services
By Micaela McMurrough, Caleb Skeath & Bryan Ramirez on
Posted in Artificial Intelligence (AI), Cybersecurity
Earlier this month, the Cybersecurity & Infrastructure Security Agency (CISA), in collaboration with the National Security Agency and other international partners, released guidance for organizations on adopting agentic artificial intelligence systems (i.e., systems composed of one or more agents that fundamentally rely on an AI model, such as an LLM…
Continue Reading CISA Releases Guidance on the Careful Adoption of Agentic AI ServicesFTC and DOJ Continue Focus on Consumer Reviews Rule with Complaint Against Premium Home Service
By Laura Kim, Andrew Siegel & Alexandra Remick on
Posted in Consumer Protection, Federal Trade Commission
On May 11, 2026, the Department of Justice, acting on notification from the Federal Trade Commission, and the Illinois Attorney General, filed a complaint against “Premium Home Service” and its owner for alleged violations of Section 5 of the FTC Act, the Consumer Reviews Rule, and the Gramm-Leach-Bliley Act (GLB Act). The Complaint seeks injunctive relief, monetary relief, and civil penalties.
Continue Reading FTC and DOJ Continue Focus on Consumer Reviews Rule with Complaint Against Premium Home ServiceCISA Announces Revised Schedule of Town Halls for CIRCIA Rulemaking
By Micaela McMurrough, Ashden Fein, Caleb Skeath, John Webster Leslie, Miranda Rutherford & Bryan Ramirez on
Posted in Cybersecurity
On May 26, 2026, the Cybersecurity & Infrastructure Security Agency (“CISA”), announced a revised schedule of virtual town halls as part of its rulemaking implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”). These town halls were initially scheduled for March and April 2026 but were delayed by the lapse in funding for the Department of Homeland Security that ended on April 30, 2026, and are now scheduled to begin on June 15, 2026. The “specific topics of interest” CISA highlighted in its original announcement remain unchanged.
Continue Reading CISA Announces Revised Schedule of Town Halls for CIRCIA RulemakingFTC Settles with Shutterstock Over Subscription Practices
By Laura Kim, Andrew Siegel & Carter McCants on
Posted in Federal Trade Commission
On May 13, 2026, the Federal Trade Commission (“FTC”) announced that Shutterstock, Inc. had agreed to a $35 million settlement resolving allegations that the company engaged in unfair and deceptive subscription practices. The FTC asserted claims under Section 5 of the FTC Act and the Restore Online Shoppers’ Confidence Act (“ROSCA”), alleging that Shutterstock charged consumers who did not understand they were enrolling in a subscription, failed to adequately disclose material subscription terms, and made cancellation unnecessarily difficult. The complaint did not seek civil penalties, and the final settlement requires only consumer redress.
Continue Reading FTC Settles with Shutterstock Over Subscription PracticesEU AI Act Update: Timeline Relief, Targeted Simplification, and New Prohibitions
On 7 May 2026, negotiators from the Council of the European Union, the European Parliament, and the European Commission reached a provisional agreement on the terms of the Digital Omnibus on AI, marking the first set of amendments to the EU AI Act since its adoption in June 2024. The final package of amendments reflects a mix of pragmatic timeline extensions, focused simplification measures, and a small number of substantive policy changes.
Continue Reading EU AI Act Update: Timeline Relief, Targeted Simplification, and New Prohibitions