This October has been a scary time for the insights industry, and not just because of Halloween. Maryland’s new comprehensive privacy law – one of the strictest yet – and a wave of new California laws, ranging from chatbot disclosure mandates to liability for AI-related harm, tighter consent rules, restrictions on algorithms, and faster data breach notifications, all brought significant compliance challenges for insights professionals. Federal bills signaled competing approaches to national AI regulation, while states such as Massachusetts and New Jersey pursued their own measures.
Let’s review the highs and lows of the policy issues facing the industry in October 2025.
Privacy and Data Security
Another comprehensive state privacy law came into effect in October: the Maryland Online Data Privacy Act. It has a lower threshold of applicability than most states’ laws. Maryland provides the usual array of consumer rights and controller responsibilities, but has enough standout provisions to warrant urgent and careful review by insights companies and organizations, especially the prohibitions on data sales and the data minimization requirements (which don’t care much about consent).
California has a bunch of new privacy and data security laws, including:
- A law expanding disclosure requirements for registered data brokers and adding a time limit to one aspect of the upcoming centralized Data Removal and Opt-Out Platform (DROP);
- A law to require web browsers to incorporate opt out preference signals, making it much simpler for consumers to tell every website they visit to opt them out of sale of their personal information to third parties, and potentially drastically reducing the amount of data consumers share with the insights industry;
- Amendments to California law requiring data breach disclosures within 30 calendar days of discovery or notification, while allowing for accommodation of legitimate law enforcement or investigatory needs, and setting the timeline for notifying the California Attorney General at 15 days following notice to consumers;
- A law that builds out existing restrictions on geofencing of family planning centers and restricts the collection, use, disclosure, sale, sharing, or retention of someone’s personal information if “physically located at, or within a precise geolocation of,” a health care services provider or family planning center.
Finally, legislation under consideration at the federal level – the Ensuring National Constitutional Rights for Your Private Telecommunications (ENCRYPT) Act – would ban state requirements for technology security vulnerabilities and decryption capabilities.
Artificial Intelligence
The Golden State also passed more new laws on AI:
Some other impactful AI bills did not pass into law before the end of California’s session:
Congress is considering divergent approaches to AI regulation, including:
- The SANDBOX Act, which would allow AI users or developers to apply for waivers from or modifications to federal rules or regulations to test, experiment with, or temporarily offer AI products and services without being subject to "overly-prescriptive" enforcement; and
- The TEST AI Act, which would task the National Institute of Standards and Technology (NIST) with developing and testing “trustworthy” AI systems.
Massachusetts also has some AI legislation in play, such as a bill to essentially require clear and conspicuous notification to consumers when they are interacting with a chatbot instead of a human, one restricting higher-risk AI systems, and another demanding transparency to consumers when they are interacting with many AI systems (while also restricting high-risk AI systems).
Lastly, New Jersey has issued guidance on how the state’s discrimination law applies to “algorithmic discrimination resulting from the use of new and emerging data-driven technologies, such as artificial intelligence (AI) by employers, housing providers, places of public accommodation, and other entities...”
Health Care
Insights professionals are often responsible for reporting adverse events from pharmaceuticals or medical devices when they are uncovered during healthcare market research, and not just during clinical trials. How should the insights industry handle pharmacovigilance and what is required?
Your support makes all the difference
With legislative and regulatory ghouls and goblins at every turn, the Insights Association is still advocating for the insights industry’s interests in Washington, DC and across the U.S. on these and other policy issues.
This would NOT be possible without YOUR membership and sponsorship!
We are here to answer your questions on these and other legislative/regulatory/legal issues. Please stay in touch!
This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.
About the Author

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS).
Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers.
Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS.
He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and the Association of Government Relations Professionals.
Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC).
When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.