On April 16, 2025, eight state regulators announced the formation of a collaborative privacy enforcement and information sharing consortium. The “Consortium of Privacy Regulators” brings together the state attorneys general from California, Colorado, Connecticut, Delaware, Indiana, New Jersey, and Oregon, as well as the California Privacy Protection Agency. This coalition signals a more unified and robust approach to privacy enforcement.
“Data knows no borders — state and nationwide coordination is vital for protecting consumers’ rights, especially in our data-driven world,” said Attorney General Bonta in the press release. “Collaborating with partners across the country provides another tool in the toolbox for my office to tackle enforcement priorities and continue safeguarding the privacy rights of Californians.”
This alliance’s goal is to enhance enforcement and implementation of state privacy regulations. Recognizing that many data practices and potential violations transcend state borders, these regulators are collaborating to try and address multijurisdictional issues with greater efficiency and consistency. This coordinated effort aims to create a more unified approach to privacy enforcement across the participating states.
Takeaways
The Consortium’s development is not entirely unexpected—indeed, the CFPB released a report in November 2024 urging states to work collaboratively and fill in the gaps in the federal privacy framework, including revising state privacy statutes to remove exclusions for Gramm-Leach-Bliley Act (GLBA)-related data or GLBA-governed entities.
For businesses operating within and across these states, the Consortium suggests a future of heightened scrutiny and a potentially more challenging compliance and enforcement environment. Companies may anticipate a more active and coordinated approach to identifying and addressing state privacy law violations. This collaboration may lead to more frequent inquiries, audits, and enforcement actions as regulators leverage shared resources and insights.
Businesses, especially those that are consumer facing, should plan to review and potentially update their privacy notices and practices to align with the requirements of the relevant state laws within this collaborative framework. This includes understanding the nuances of each state's regulations and implementing robust measures to safeguard consumer data.