Connecticut Attorney General William Tong (D) sent more than a dozen violation notices under the state’s comprehensive consumer privacy law in the six months since it took effect July 1, 2023, the AG office reported Thursday. Businesses get 60 days to cure violations upon receiving a notice under the state law. “We have focused on key aspects of the law related to privacy policies, sensitive data and teens’ data,” said the report. “While many companies have taken prompt steps to address issues flagged in cure notices … all matters have resulted in additional follow-up.” The AG office issued 10 cure notices about privacy policy deficiencies, including missing, inadequate or confusing disclosures and missing, burdensome or broken opt-out mechanisms, it said. “Several companies updated privacy policies and/or consumer rights mechanisms quickly upon receiving cure notices.” But some didn’t fully alleviate the AG’s concerns, or their privacy disclosures raised new questions about compliance with other parts of the law, it said. “This process is an iterative one and only time will tell which companies fully satisfy our concerns and which matters will ultimately require more formal enforcement action.” The office received more than 30 consumer complaints, it said. “Many involved consumers’ attempts to exercise new data rights under the CTDPA, and primarily, the ‘right to delete.’” However, about one-third of the complaints involved data or entities exempted by the state privacy law, the AG office said. “A handful of others were exempt for other reasons, including under the CTDPA’s exemption for ‘publicly available information.’” The AG office recommended that legislators revise the law to scale back the number of entity-level exemptions, including one for nonprofits. Also, switch to a data-level rather than entity-level exemption for the federal Gramm-Leach-Bliley Act and Health Insurance Portability and Accountability Act, it said. Among its other recommendations: Enact a “one-stop-shop” deletion mechanism like California’s 2023 Delete Act (see 2309150063); add a right to know specific third parties that receive data from covered businesses; expand biometric data to include data capable of being linked to a consumer like in Oregon’s law; and clarify whether the legislature intended to ban targeted advertising to teens regardless of consent, and review possibly erroneous language on publicly available information.

A Virginia kids’ privacy bill cleared the House Commerce Committee by a 22-0 vote Tuesday. HB-707 would stop data controllers from processing a child’s personal data for targeted advertising, sale or “profiling in furtherance of decisions that produce legal or similarly significant effects concerning a consumer” unless it’s “reasonably necessary to provide the online service, product, or feature.” The bill could next go to the House floor.

The Indiana Senate sent the House a 911 bill Wednesday after approving it unanimously Monday. SB-232 would require originating service providers to connect to state 911 using an industry standard or functional equivalent and “establish and maintain the connection in accordance with all applicable regulatory requirements requiring service continuity and ensure access to public safety assistance,” said a Monday fiscal impact statement. Also, the bill would update certain 911 terminology, increase penalties for giving false information and exempt information about 911 system security from public disclosure. In addition, it would allow a budget committee to decide whether to continue assessing a state 911 fee after June 30, 2031.

The Florida House Ways and Means Committee supported a bill extending dollar broadband attachments through 2028. The Commerce Committee will next consider HB-1147, which would extend a promotional rate that the state began offering in 2021. It lets ISPs pay $1 a year per wireline attachment per pole to bring broadband to unserved or underserved areas in municipal electric utility service territories. The promo will expire July 1 unless extended. The Senate Commerce Committee cleared a similar bill (SB-1218) last week (see 2401230042).

Connecticut regulators will investigate Frontier Communications service quality in response to a Jan. 8 petition by the state Office of Consumer Counsel, the Public Utilities Regulatory Authority said in a Tuesday notice (docket 24-01-15). OCC’s petition flagged Frontier problems meeting minimum standards for out-of-service repair and maintenance (see 2401080041).

The California Public Utilities Commission must ensure a smooth transition from a pilot to a permanent California LifeLine foster youth program, commenters said Tuesday in docket R.20-02-008. The CPUC may consider a Jan. 10 proposed decision to make the program permanent at its Feb. 15 meeting. However, the proposal doesn't address how pilot program participants will receive service after the proposed permanent program replaces it July 31, said T-Mobile, the pilot’s service provider. The permanent program would use other service providers. "Due to confidentiality concerns with foster youth, T-Mobile has no direct contractual relationship with any of the youth nor does it know their identities,” the carrier said. "T-Mobile simply has no way -- or authority -- to continue to provide service after July 31, 2024.” The pilot’s administrator iFoster said the CPUC should allow foster youth to continue receiving pilot program services for a year after the pilot ends “to encourage continuation of service and reimbursement of the current service.” Otherwise, the transition could result in inadvertently cutting off service to the pilot's 11,700 participants, it warned. Also, iFoster raised concerns that the proposed decision wouldn’t require data-sharing agreements with counties before transferring pilot program data to the new administrator. Without them, iFoster can’t transfer pilot data, it said. Also, the CPUC should allow foster youth to participate in the program until they are 26, iFoster said. The CPUC proposal would end benefits at 18, or 21 if the youth is in extended foster care. “Foster youth are extremely vulnerable once they leave the foster youth system” and will need a phone to apply for jobs, college or government benefits, iFoster said. The Utility Reform Network (TURN) urged the CPUC to clarify that it will own all data from the program. Also, establishing that the agency “will enter contracts and data sharing agreements for the permanent program will prevent the need to re-negotiate those agreements any time the [third-party administrator] changes, which would reduce transition time and enhance program continuity,” TURN said. The CPUC should require providers to replace mobile devices at no cost, it added. "Foster youth can change placement frequently, sometimes with little advance notice, so there is a risk of losing devices when they move.”

The Wyoming Public Service Commission will designate T-Mobile’s Assurance Wireless an eligible telecom carrier for the limited purpose of providing Lifeline services in the state. At a partially virtual meeting Tuesday, Wyoming commissioners voted 3-0 to approve the company’s Jan. 15 application (docket 17484).

Similar to several other states, Washington will explore use cases for generative AI in state operations as well as regulatory guidelines. Gov. Jay Inslee (D) signed an executive order Tuesday requiring state agency WaTech to submit a report including a plan for how the government may procure, use and monitor generative AI. “This executive order lays out a year-long process for agencies working together to assess the feasibility, benefits and challenges of integrating this technology into agency operations and services,” Inslee said. “It’s our duty to the public to be thorough and thoughtful in how we adopt these powerful new tools.”

Verizon may discontinue MCImetro basic local exchange services to about 19 residential customers, the Utah Public Service Commission said in a Monday order (docket 23-095-01).

California Attorney General Rob Bonta (D) backed bills on kids’ privacy and social media addiction, the AG office said Monday. SB-976 by Sen. Nancy Skinner (D) would provide social media controls for parents, including the ability to decide whether their children see a chronological news feed or one based on an algorithm, the current default. Also, the bill would let parents stop social media notifications and block access to platforms overnight and during the school day. AB-1949 by Assemblymember Buffy Wicks (D) would amend the California Consumer Privacy Act (CCPA) to stop businesses from collecting, using, sharing or selling personal data of anyone younger than 18, unless they get consent or if it’s absolutely needed for the business’ purpose. Parents would have to provide consent for users younger than 13. “Social media companies have shown us time and time again that for profits, they are willing to harness addictive content to target a vulnerable population: our children,” said Bonta. The bill was rebuked by NetChoice, which last year won a preliminary injunction against California’s Age-Appropriate Design Code (AADC) Act (see 2309190006). “These are the same harmful ideas recycled from California’s AADC,” said NetChoice General Counsel Carl Szabo. “Rather than violate the Constitution, annihilate privacy, and force the government control of families,” California policymakers should craft proposals educating “parents and kids and imprison[ing] predators.”