Comments are due March 27 on risk assessments, cybersecurity audits and automated decision-making, said the California Privacy Protection Agency. The agency released an invitation for comments Friday on a rulemaking ordered a week earlier (see 2302030065).

A West Virginia distracted-driving bill passed the House in an 88-6 vote Friday and will go to the Senate. HB-2218 expands the state’s existing prohibitions while carving out smartwatches.

The Mississippi Senate passed a bill to ban TikTok on state government devices. The Senate voted 51-0 Thursday to pass SB-2140, sending it to the House. The same day, the Virginia Senate Education and Health Committee voted 15-0 to clear a House-passed bill (HB-1575) to require online safety education for children. Several state legislatures are considering TikTok bans. A Virginia House-passed bill cleared a Senate committee earlier this week (see 2302090032). More TikTok ban bills are set for hearing Monday. The Missouri House Homeland Security Committee plans to weigh HB-919, while the Kansas House Legislative Modernization Committee is scheduled to consider HB-2314. Nine Republican senators in Pennsylvania introduced a TikTok bill (SB-379) Thursday.

The Pennsylvania Public Utility Commission granted a Windstream application to discontinue and abandon interexchange carrier reseller services. The company says it has no customers and hasn’t reported any gross intrastate operating revenue since 2018, said the PUC order Thursday (docket A-2022-3036728).

A Virginia Senate panel “passed by indefinitely” a House-passed bill (HB-1688) to set children’s privacy rules (see 2302060050 and 2301300037). The Senate General Laws and Technology Committee voted 15-0 Wednesday for the legislative maneuver that can signal a bill's defeat. It doesn't stop the committee from bringing back the bill before its deadline. The same committee passed by indefinitely the Senate version (SB-1026) last month. But the panel supported a House-passed bill to ban TikTok on state government devices, voting 12-3 Wednesday to send HB-2385 to the Finance and Appropriations Committee.

Maryland legislators are weighing a bill modeled on Florida and Oklahoma telemarketing laws, which go beyond the federal Telephone Consumer Protection Act (TCPA). At a livestreamed hearing Thursday, Del. Vaughn Stewart (D) joked that he “plagiarized” his HB-37 from Florida Gov. Ron DeSantis (R). The proposed Maryland mini-TCPA would require express written consent from consumers for robocalls and autodialing, with exemptions for nonprofits, political campaigns, business-to-business calls and isolated, nonroutine calls. The bill would ban calls between 8 p.m. and 8 a.m. and calling more than three times in 24 hours. And it would prohibit caller ID spoofing and using voice alteration technology for fraud or deception. Stewart said he’s open to amending the bill to exempt informational calls that companies make to their own customers. Proposed limits on autodialers are “admittedly more strict” than the federal TCPA, said the delegate, but they mirror Florida and Oklahoma laws. Del. Christopher Adams (R) asked if there weren’t already industry solutions to robocalls. Stewart said they’re not foolproof and his bill would complement those efforts. Del. Steven Arentz (R) raised concerns the measure may be “almost impossible to enforce.” The bill won’t “be a panacea,” but it will reduce spam calls and text, said Stewart: Florida spam calls declined after the state enacted its law. CTIA opposes HB-37, which could have “unintended consequences” preventing calls people want to receive, said lobbyist Rob Garagiola of Compass Advocacy. Industry is putting much effort into technology that stops spam call and texts, he said. AARP Maryland’s Karen Morgan supported the bill: “We’re drowning in robocalls.” The Senate Finance Committee heard testimony on its version of the same bill (SB-90) last week.

A private right of action is key to a strong biometric privacy bill in Maryland, said state Sen. Brian Feldman (D) at a Senate Finance Committee meeting livestreamed Wednesday. One problem with allowing only attorney general enforcement is the office's limited resources, said the SB-169 sponsor. "Businesses will simply ignore the law” if individuals can’t sue, said Electronic Privacy Information Center counsel Jake Wiener. Bring back the stronger PRA from last year’s Senate bill, he said. The enforcement provision is more limited in this year’s edition, agreed Feldman: It's based on last year’s House-passed bill, but the committee is welcome to amend. The Computer and Communications Industry Association wants only AG enforcement, with a 30-day right to cure alleged violations. “By creating a new private right of action, the measure would open the doors of Maryland’s courthouses to plaintiffs advancing frivolous claims with little evidence of actual injury,” said CCIA State Policy Director Khara Boender in written testimony. SB-169, which requires opt-in consent and applies only to private entities, puts "basic guardrails" to protect increasingly used biometric information like fingerprints and facial recognition scans, said Feldman. “There are essentially no rules” now on how long businesses can retain data and what they can do with it, he said. Assistant AG Hanna Abrams supported the bill, noting there are currently no restrictions on how companies use data. But CCIA said the bill goes “far beyond protecting” consumers’ biometric data, “which could result in degraded consumer services and experience.” Including a definition and compliance obligations for personal information extends the bill’s scope beyond biometrics, it said. “Requiring specific user consent for any data collection or processing would be inconsistent with consumer expectations, introduce unnecessary friction … and likely overwhelm consumers.” Extend the proposed Oct. 1 effective date, added CCIA, noting California, Colorado and Virginia privacy laws delayed enforcement by two years. Other opponents included TechNet and the Maryland Chamber of Commerce.

A Kentucky Senate panel unanimously supported banning TikTok on government devices Wednesday. The Senate State and Local Government Committee at a webcasted hearing voted 9-0 for SB-20 by Sen. Robby Mills (R). The bill effectively puts into state law an executive order by Gov. Andy Beshear (D) to ban the platform on state devices. Codifying the prohibition is important “so it will not time out as an executive policy will,” Mills told the committee. Sen. Gex Williams (R) asked why the bill doesn’t require, but rather permits, the judicial branch to implement the ban. Mills understands the legislature can’t force the judiciary, he said. Williams said he wants to follow up on that before final passage. The Virginia Senate narrowly passed a bill (SB-1459) Tuesday to ban TikTok and WeChat, effectively codifying an executive order by Gov. Glenn Youngkin (R). Lt. Gov. Winsome Earle-Sears (R) broke a 20-20 tie vote. The House passed a similar bill (HB-2385) Friday (see 2302060050).

The Alaska USF sunset will be delayed three years through June 30, 2026, said a Regulatory Commission of Alaska final order released Tuesday. Last year, the RCA rejected state USF changes proposed by industry (see 2212070046 and 2210260076).

The Florida Public Service Commission unanimously adopted Lifeline rule changes required by a 2022 state law, agreeing to a Jan. 27 staff recommendation at a livestreamed meeting Wednesday. Under the updated regulations, which are meant to harmonize Florida and federal rules, an eligible telecom carrier (ETC) must notify the subscriber about impending Lifeline service termination if it has reason to believe the subscriber no longer qualifies, said the recommendation in docket 2023011-TP. Also, the subscriber must provide proof of continued eligibility upon request of the ETC, FCC or its designee. The Florida PSC order also cleans up obsolete provisions on income eligibility that weren’t consistent with FCC requirements.