- Even More States Join the Party — By the end of 2024, almost half of all U.S. states had enacted modern data privacy legislation. That trend will likely continue, particularly since a national data privacy statute may not be a top priority for the incoming administration.
- It’s Time for State Enforcement — Several states have begun “staffing up” with the goal of bringing more data privacy enforcement in 2025, and some no longer have mandatory cure periods. Putting aside California, early indications are that Texas and Connecticut may take the lead among the states in enforcement activity.
- It’s All About the Servers — Advertising technology’s transition from browser-side tracking technologies (cookies) to server-side tracking technologies (application programming interfaces or APIs) slowed in 2024. Nonetheless, the transition to server-side technologies continues; we may see it become the dominant medium for tracking in 2025 as organizations continue to work on aligning their digital advertising practices with applicable privacy laws.
- Sensitive Data Is Everywhere — Regulators and plaintiffs continue to focus their attention on the collection, use, and sharing of sensitive data types. That trend is expected to continue in 2025 with continued focus on companies that use or share geolocation or health information.
- Focus on Data Protection Impact Assessments (DPIAs) — The first states started requiring DPIAs two years ago, but regulators were reticent to demand that companies produce them. That has changed—state regulators have started requesting them and will continue requesting that companies produce DPIAs for data-processing activities that mandate them, like targeted advertising.
About the Authors
Gretchen A. Ramos is global co-chair of Greenberg Traurig, LLP’s Data Privacy & Cybersecurity Practice. Jena M. Valdetero and David A. Zetoony are co-chairs of the firm’s U.S. Data Privacy & Cybersecurity Practice. The practice is composed of a multidisciplinary group of attorneys and professionals located throughout the world. GT’s team of dedicated data protection attorneys have experience working hand in hand with organizations of all sizes to develop practical strategies and provide strategic advice on virtually all aspects of data protection including GDPR, CCPA, VCDPA, CPA, CTDPA, UCPA and other compliance issues; data use, transfer and licensing issues; data breaches and regulatory investigations; and defending against privacy-related class actions. GT’s Data Privacy & Cybersecurity Practice is ranked Band 1 by Chambers & Partners for USA – Nationwide Privacy & Data Security: Highly Regarded Legal Rankings. In addition, Greenberg Traurig was named a “Law Firm of the Year” for Information Technology Law by Best Law Firms® in 2024.