August 18, 2025
The U.S. privacy and AI regulatory landscape is evolving quickly, with new laws taking effect, updated rules on the horizon, and an increase in enforcement activity. At DeepIntent, we embrace these changes as opportunities to strengthen our platform and lead with best-in-class privacy practices.
Five New State Privacy Laws Taking Effect
From July 2025 through January 2026, five more states—Texas, Tennessee, Maryland, Rhode Island, and Kentucky—will implement comprehensive consumer privacy laws.
These laws strengthen consumer data rights and outline requirements for how personal data is collected, processed, and shared. Whenever new laws are introduced, DeepIntent works closely with privacy and industry experts to update our platform, ensuring compliance while enabling responsible and effective use of data.
Enforcement in Action
State regulators are beginning to apply these laws in real-world situations, offering valuable insights for the entire industry.
- California: On July 1, 2025, the California Attorney General announced a settlement under the CCPA and UCL with a media company. Allegations included not fully honoring opt-out requests, sharing inferred health-related browsing data, and using consent banners that regulators deemed unclear. The outcome included a three-year plan for improving disclosures, refining consent flows, and ensuring proper handling of Global Privacy Control (GPC) opt-outs.
- Connecticut: The state’s Attorney General announced the first enforcement action under the Connecticut Data Privacy Act (CTDPA), issuing an $85,000 fine to a company for not providing clear privacy disclosures or fully functional rights-request tools, and for inaccurately describing its compliance status. The resolution includes regular reporting on rights-request metrics and updated user rights mechanisms.
These actions reflect a broader trend: regulators are prioritizing transparency, effective user choice, and accurate communication about privacy practices. At DeepIntent, we proactively review these developments and integrate lessons learned, helping ensure our platform stays ahead of evolving expectations.
CCPA Updates
In July 2025, the California Privacy Protection Agency (CPPA) voted to adopt new regulations under the CCPA. These cover:
- Automated decision-making technology (ADMT)
- Risk assessments, including attestations
- Cybersecurity audits
- Right-to-correct processes
- Opt-out confirmations
- Enhanced privacy disclosures, including examples to help prevent “dark patterns” (design practices that may deceive users)
The rules are expected to be finalized by November 25, 2025, with some requirements taking effect gradually through 2028 and beyond. Many key updates will require forward planning. DeepIntent is already integrating these considerations into our processes so that our partners experience a seamless transition.
Our Commitment
AI and privacy regulations can feel complex, but our approach is straightforward: stay informed, adapt early, and communicate openly. By tracking legislation, monitoring case law, and applying insights from enforcement activity, we make sure our platform evolves alongside and ahead of the rules. Marketers can feel confident that compliance is built in and focus on their goals.
How is a Health Intelligent™ advertising platform privacy-safe by design? Learn more here.
