In a major development for businesses subject to state data privacy laws, eight state privacy regulators have joined forces to form the “Consortium of Privacy Regulators,” a bipartisan coalition aimed at coordinating enforcement and protecting consumer privacy through collaboration. The announcement, made by the California Privacy Protection Agency (CPPA) on April 16, 2025, represents a new era of multistate cooperation in the enforcement of comprehensive consumer privacy laws.
Regulators at the International Association of Privacy Professionals Global Privacy Summit April 22-25, 2025 stressed that the consortium formalizes existing collaboration among the agencies.
A Unified Front for Privacy Enforcement
The Consortium of Privacy Regulators includes the CPPA and the attorneys general of California, Colorado, Connecticut, Delaware, Indiana, New Jersey and Oregon. These regulators signed a memorandum of understanding (MOU) outlining shared goals to:
- Hold regular meetings and facilitate discussions on privacy law developments.
- Share enforcement priorities and coordinate investigations.
- Leverage technical and legal expertise across jurisdictions.
- Align enforcement around common statutory rights, such as access, deletion and opt-outs from the sale of personal information.
Although the member states’ privacy laws differ in scope and terminology, the MOU emphasizes their “fundamental similarities” and underscores that these shared provisions enable effective, cross-jurisdictional enforcement.
What This Means for Businesses
With this new consortium infrastructure, companies can expect:
- Greater multistate coordination in investigations and enforcement actions.
- More unified interpretations of overlapping privacy rights, such as access, deletion and opt-out.
- A higher premium on early, open engagement with regulators.
- Increased resource-sharing among states, including technical experts and legal personnel.
Companies operating in or collecting data from multiple states must ensure their compliance programs are calibrated not just for individual laws but for areas of convergence. Regulators now have a formal mechanism to compare notes, escalate issues and act together — making “check-the-box” compliance strategies riskier than ever.
This post comes to us from Skadden, Arps, Slate, Meagher & Flom LLP. It is based on the firm’s memorandum, “Eight-State Consortium of Privacy Regulators Marks Shift Toward Coordinated Enforcement,” dated May 2, 2025, and available here.