Photo of John Pavolotsky

John Pavolotsky

Subscribe to John Pavolotsky's Posts

John Pavolotsky focuses his practice on data privacy, security matters, complex technology transactions. On privacy and security matters, John advises a broad range of clients on general compliance, use of new(er) technologies such as artificial intelligence (AI), data incidents, and breach response. On technology transactions matters, John assists clients with technology licensing, collaboration and joint development agreements, and cloud (XaaS) services agreements, among others. In addition, John advises clients in privacy, cybersecurity, and intellectual property matters in mergers and acquisitions (M&A) transactions. Click here for John Pavolotsky's full bio.

Contact:Read more about John Pavolotsky

In the world of AI, a month is an eternity. In my last article (https://www.stoelprivacyblog.com/2025/06/articles/ai/ai-legislative-developments-early-days-or-tipping-point/), just over a month ago, I wrote about the much-discussed proposed 10-year moratorium on the enforcement of state AI laws. Ultimately, the Senate voted against it, and the House passed the Senate version of the tax and spending

If tracking AI legislation is giving you whiplash, you’re not the only one.

In February, I wrote about the 24-Hour AI News Cycle: https://www.stoelprivacyblog.com/2025/02/articles/ai/the-24-hour-ai-news-cycle-keeping-up-with-legal-and-regulatory-developments/. February is ancient history, and the AI news cycle has become even further compressed since then.

Now, at the end of June, we stand at a crossroads. H.R. 1 (“One

On May 7, 2025, Utah became the first U.S. state to enact a law requiring app store providers and developers to verify users’ ages and obtain verifiable parental consent for minors to download apps or make in-app purchases. Senate Bill 142, the App Store Accountability Act (the “Act”), sets forth specific compliance obligations for both

In the beginning of March, I gave a presentation on AI legal developments. One of the attendees astutely pointed out that the current legal framework seems to focus on B2C use cases. I agreed. The focus is consumer protection. About 10 days later, I spoke at an AI contracting livestreaming event. Preparing for it gave

AI is evolving at a breakneck pace, making it increasingly difficult for businesses and legal professionals to track critical developments. Whether you’re an AI model developer, deployer, investor, or infrastructure provider, staying informed on AI’s risks and benefits requires a strategic approach. This article explores key AI regulatory trends and offers a framework for organizations

In our earlier post, we wrote:

“Through December 20, 2024, 575 security incidents involving unsecured protected health information affecting 500 or more individuals had been reported to Health and Human Services. Through the same date in 2023, 265 incidents had been reported. On December 27, 2024, the Office of Civil Rights at HHS issued

Privacy and cybersecurity are incredibly dynamic, and in 2025 we have committed ourselves to a look ahead post every six months, with the next one in July 2025. The new Congress convened on January 3, 2025, and a new administration starts on January 20. Most state legislatures reconvene in early-to-mid January. If you track privacy

2023 has seen a flurry of general state privacy laws, with twelve (12) such laws now on the books.  The next one to “go live,” on December 31, 2023, is the Utah Consumer Privacy Act (UCPA).  With no general federal privacy law in sight, the state privacy landscape continues to get more crowded and challenging

As consumer demand for new artificial intelligence (“AI”) tools continues to grow, businesses must be prepared to build tools with “privacy by design” principles in mind, and to remain educated about privacy best practices and risk mitigation strategies when working with AI. The following areas provide the greatest opportunities to manage data privacy risks and

About the Global Privacy & Security Blog

Learn More

Contracts, laws and regulations require privacy compliance, and good business practices demand it. This blog is designed to inform our clients and readers about developing privacy issues and regulatory updates, and provide alerts on cyber security stories and data breaches that impact various data privacy and security requirements.