跳转到主要内容

概述

州立法机构长期以来一直参与监管各类信息或特定行业的隐私。例如,保护学生信息、个人社会安全号码、医疗信息和其他类型信息的法律。

然而,消费者隐私问题最近在州立法机构中变得越来越重要,包括2022年。

2022年,至少35个州和哥伦比亚特区提出或考虑了近200项消费者隐私法案。

综合性(有时也称为综合性)消费者隐私立法是最常见的法案类型,至少有25个州和哥伦比亚特区的近70项法案正在审议中。

全面的立法提案通常规范企业收集、使用和披露个人信息,并为收集的数据提供一套明确的消费者权利,例如访问、更正和删除企业收集的个人信息的权利。

五个州颁布了全面的消费者隐私法:

  • 2018年《加利福尼亚州消费者隐私法》(加州公民社会法典§§1798.100等)和2020年《加利福尼亚消费者隐私权法》(提案24)
  • 2021科罗拉多州隐私法案S.B.190(2023年7月1日生效)
  • 康涅狄格州2022 S.B.6(个人数据隐私和在线监控)(2023年7月1日生效)
  • 《弗吉尼亚州消费者数据保护法》,2021 H.B.2307 | 2021 S.B.1392(生效于2023年1月1日。)
  • 《犹他州消费者隐私法》,2022年,S.B.227(2023年12月31日生效)

此处跟踪的其他一些更常见类型的消费者隐私立法涉及商业实体、在线服务或商业网站从消费者处收集数据,包括与网站隐私或互联网上儿童隐私、直接针对消费者的基因检测、ISP和信息/数据代理监管以及其他消费者隐私问题相关的法案。

2022年消费者数据隐私立法

使用CTRL-F搜索类别;使用搜索框查找状态。本文对2021消费者隐私法案的类别进行了说明。

2022 Legislation
State Bill | Status Summary Category

Alaska

AK HB 159

Failed - adjourned

Establishes the Consumer Personal Information Privacy Act, establishes data broker registration requirements, makes a violation of the Act an unfair or deceptive trade practice.

Comprehensive; Information Brokers

Alaska

AK HB 222

Failed - adjourned

Relates to personal information, relates to the privacy of personal information, relates to the collection, sale, sharing, deletion, correction, and use of personal information, relates to breaches of security of personal information, relates to genetic privacy, relates to social security numbers, provides for an effective date.

Comprehensive

Alaska

AK SB 116

Failed - adjourned

Establishes the Consumer Data Privacy Act, establishes data broker registration requirements, makes a violation of the Act an unfair or deceptive trade practice.

Comprehensive; Information Brokers

Arizona

AZ HB 2790

Pending

Relates to personal data, relates to processing, relates to security standards.

Comprehensive; Information Brokers

California

CA AB 1262

Pending

Relates to existing law which prohibits a person or entity from providing the operation of a voice recognition feature of a connected television within the state without prominently informing the specified user of the connected television during the initial setup or installation. Includes smart speaker devices within the scope of those provisions. Prohibits any actual recordings or transcriptions collected or retained through the operation of a voice recognition feature by the manufacturer.

Biometrics; Connected Devices

California

CA AB 1490

Failed

Requires appointments to the board which governs the California Privacy Protection Agency to be made from among Californians with expertise in the areas of privacy, technology, and consumer rights.

Studies, Task Forces, Comms.

California CA A 2089
Pending

Prohibits a mental health application developer, as defined, from sharing a consumer's personal information with a third party unless certain conditions are met, including that the information is deidentified, the information is reasonably necessary to provide a mental health service that a consumer has requested, or the consumer affirmatively consents to the sharing of their personal information.

Other Consumer Privacy
California

CA AB 2273

Pending

Requires a business that creates goods, services, or product features likely to be accessed by children to comply with specified standards, including considering the best interests of children likely to access that good, service, or product feature when designing, developing, and providing that good, service, or product feature, and providing privacy information, terms of service, policies, and community standards concisely, prominently, and using clear language.

Children’s Online Privacy

California

CA AB 2392

Pending

States the intent of the Legislature to subsequently enact legislation relating to the security of connected devices.

Connected Devices

California

CA AB 2486

Pending

Creates, in the California Privacy Protection Agency (CPPA), the Office for the Protection of Children Online for the purpose of ensuring that digital media available to children in this state are designed, provided, and accessed in a manner that duly protects the privacy, civil liberties, and mental and physical well-being of children, as prescribed.

Children’s Online Privacy

California

CA AB 2871

Pending

Extends specified exemptions to the California Consumer Privacy Act indefinitely.

AmendmentCompPrivLaw

California

CA AB 2891

Pending

Extends, until January 1, 2026, exemptions from certain provisions of the California Consumer Privacy Act of 2018.

AmendmentCompPrivLaw

California

CA AB 2960

Pending

This bill would amend the definitions relating to data brokers to conform with the changes made by the California Privacy Rights Act of 2020.

Information Brokers

California

CA SB 346

Pending

Requires a manufacturer of a new motor vehicle that is equipped with one or more in-vehicle cameras to disclose that fact. Prohibits a person or entity from providing for the sale or lease of a new motor vehicle with one or more in-vehicle cameras in this state without prominently informing the user or the person designated by the user to purchase the vehicle.

Other Consumer Privacy

California

CA SB 746

Pending

Grants a consumer the right to request that a business disclose to the consumer whether the business uses personal information collected about the consumer for a political purpose. Requires a business that collects and uses such information to disclose specified information upon receipt of a request from the consumer. Requires a business with gross revenue exceeding a certain amount that does not engage in such activities to submit a certain statement to the State Privacy Protection Agency.

Other Consumer Privacy

California

CA SB 1059

Pending

Includes in the definition of data broker a business that knowingly collects and shares, as defined, certain personal information to third parties. Transfers all authority and responsibilities under the provisions relating to data broker registration from the Attorney General to the State Consumer Privacy Act, including by requiring data brokers to annually register with the State Consumer Privacy Act on or before a specified date.

Information Brokers

California

CA SB 1189
Pending

Requires a private entity in possession of biometric information, as defined, to develop and make available to the public a written policy establishing a retention schedule and guidelines for permanently destroying the biometric information.

Biometrics or Facial Recognition

California

CA SB 1454

Pending

Makes a non-substantive change to the provision prohibiting the obligations the California Consumer Privacy Act imposes on businesses from restricting a business ability to comply with an evidentiary privilege.

AmendmentCompPrivLaw

Connecticut

CT SB 6
Enacted

Establishes a framework for controlling and processing personal data, provides responsibilities and privacy protection standards for data controllers and processors, grants consumers the right to access, correct, delete and obtain a copy of personal data, and opt out of the processing of personal data for the purposes of targeted advertising, certain sales of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning consumers.

Comprehensive

Delaware

DE HB 262

Pending

Provide consumers with critical information about how their personal information is being used by data brokers, requires data brokers to register with the Consumer Protection Unit of the Department of Justice and answer questions regarding their use of personal information that would be published online to inform consumers.

Information Brokers

Florida

FL HB 9

Failed

Relates to consumer data privacy, requires controllers that collect a consumer's personal data to disclose certain information regarding data collection and selling practices to the consumer at or before the point of collection, specifying that such information may be provided through a general privacy policy or through a notice informing the consumer that additional specific information will be provided upon a certain request.

Comprehensive

Florida

FL SB 1864

Failed

Relates to consumer data privacy, creates the Florida Privacy Protection Act, requires controllers that collect consumer personal information to provide certain information to the consumer, provides that consumers have the right to opt out of the sale and processing of their personal information by controllers, prohibits controllers from selling the personal information of consumers younger than a specified age without express authorization from the consumer or the consumers parent or guardian.

Comprehensive

Georgia

GA SB 394

Failed-adjourned

Enacts the State's Computer Data Privacy Act, provides for related matters, provides for effective dates, repeals conflicting laws.

Comprehensive

Hawaii

HI HB 2051

Failed - adjourned

Establishes the state Consumer Privacy Act, specifies various consumer rights with respect to the collection of personal information by businesses, outlines the obligations on businesses with respect to the collection, disclosure, sharing, and selling of consumer personal information, specifies the requirements for administration and enforcement by the department, including adoption of rules, appropriates funds, becomes effective on a specified date.

Comprehensive

Hawaii

HI HB 2341

Failed - adjourned

Establishes a framework to regulate controllers and processors with access to personal consumer data, establishes penalties, establishes a new consumer privacy special fund, appropriates moneys.

Comprehensive

Hawaii

HI SB 1009

Failed - adjourned

Amends the definition of "personal information" for the purpose of applying modern security breach of personal information law, prohibits the sale of geolocation information and internet browser information without consent, amends provisions relating to electronic eavesdropping law, prohibits certain manipulated images of individuals.

Website Privacy; Location Privacy

Hawaii

HI SB 2032

To Governor

Requires direct to consumer genetic testing companies to adhere to certain requirements pertaining to its collection, use, and disclosure of genetic data, provides that any violation of the Act is deemed to be an unfair or deceptive trade practice.

Consumer Genetic Privacy

Hawaii

HI SB 2428

Failed - adjourned

Establishes a framework to regulate controllers and processors with access to personal consumer data, establishes penalties, establishes a new consumer privacy special fund, appropriates moneys.

Comprehensive

Hawaii

HI SB 2797

Failed - adjourned

Establishes a framework to regulate controllers and processors with access to personal consumer data, establishes penalties, establishes a new consumer privacy special fund, appropriates moneys.

Comprehensive

Iowa

IA HB 2506

Failed - adjourned

Relates to consumer data protection, provides civil penalties, includes effective date provisions.

Comprehensive

Iowa

IA HSB 674

Failed - adjourned

Relates to consumer data protection, provides civil penalties, includes effective date provisions.

Comprehensive

Iowa

IA SB 2208

Failed - adjourned

Relates to consumer data protection, makes penalties applicable, includes effective date provisions.

Comprehensive

Illinois

IL HB 559

Pending

Amends the Biometric Information Privacy Act, changes the term of written release to written consent, provides that the written policy that is developed by a private entity in possession of biometric identifiers shall be made available to the person from whom biometric information is to be collected or was collected, provides that an action brought under the Act shall be commenced within one year after the cause of action accrued if, prior to initiating any action against a private entity.

Biometrics or Facial Recognition

Illinois

IL HB 560

Pending

Amends the Biometric Information Privacy Act, changes the term of written release to written consent, provides that the written policy that is developed by a private entity in possession of biometric identifiers shall be made available to the person from whom biometric information is to be collected or was collected, deletes a provision regarding a right of action, provides instead that any violation that results from the collection of biometric information by an employer for employment.

Biometrics or Facial Recognition

Illinois

IL HB 1036

Pending

Amends the Biometric Information Privacy Act, makes a technical change in a section concerning the short title.

Biometrics or Facial Recognition

Illinois

IL HB 1764

Pending

Amends the Biometric Information Privacy Act, changes the definition of written release to include electronic consents and releases, provides that the Attorney General has the sole authority to enforce this Act, an action may be brought to enforce this Act only if a violation of this Act causes actual harm, exempts an employer from the Act if the employer is using biometric identifiers and biometric information for specified purposes, repeals a provision providing for a private right of action.

Biometrics or Facial Recognition

Illinois

IL HB 2404

Pending

Creates the Right to Know Act, provides that an operator of a commercial website or online service that collects personally identifiable information through the Internet about individual customers residing in who use or visit its commercial website or online service shall notify those customers of certain specified information pertaining to its personal information sharing practices.

Website Privacy

Illinois

IL HB 3112

Pending

Amends the Biometric Information Privacy Act, makes a change in a section concerning legislative findings and intent, defines actual harm as a realized or actual identity theft, realized or actual loss, or a realized or actual injury, changes the definitions of biometric identifier, biometric information, and private entity.

Biometrics or Facial Recognition

Illinois

IL HB 3304

Pending

Repeals the Biometric Information Privacy Act.

Biometrics or Facial Recognition

Illinois

IL HB 3414

Pending

Amends the Biometric Information Privacy Act, deletes language allowing a prevailing party in an action to recover for each violation of the act, provides that nothing in the act shall be construed to apply to a licensed operator of a facility collecting, storing, or transmitting biometric information, provides that all claims filed under the act shall be filed within one year of the initial violation, provides that continuing violations of the act, or violations of separate provisions of the act.

Biometrics or Facial Recognition

Illinois

IL HB 3453

Pending

Creates the Geolocation Privacy Protection Act, provides that a private entity that owns, operates, or controls a location-based application on a user's device may not disclose geolocation information from a location-based application to a third party unless the private entity first receives the user's affirmative express consent after providing a specified notice to the user, sets forth the purposes for which disclosure may be made, provides that a violation of the act constitutes an unlawful practice.

Location Privacy

Illinois

IL HB 3785

Pending

Amends the Consumer Fraud and Deceptive Business Practices Act, provides that a business that Sells or shares a consumer's contact information to or with another must send written notice through the U.S. mail to the consumer whose information is being sold or shared and give the consumer the opportunity to opt out of the sale or sharing of the information after receiving the notice, provides that a business that fails to comply with those requirements commits an unlawful practice.

Information Brokers

Illinois

IL HB 3910

Pending

Creates the Consumer Privacy Act, provides that a consumer has the right to request that a business that collects the consumer's personal information disclose to that consumer the categories and specific pieces of personal information the business has collected, requires a business to, at or before the point of collection, inform a consumer as to the categories of personal information to be collected and the purposes for which the categories of personal information shall be used.

Comprehensive

Illinois

IL HB 4569

Pending

Amends the Biometric Information Privacy Act, provides that nothing in the act shall be construed to apply to any health care employer that hires an employee under the Health Care Worker Background Check Act and the employee has submitted to a fingerprint-based criminal history records check, and which uses and stores biometric information or biometric identifiers exclusively for employment, human resources, compliance, payroll, identification, authentication, safety, security, or fraud prevention purposes.

Biometrics or Facial Recognition

Illinois

IL HB 4692

Pending

Amends the Biometric Information Privacy Act, changes the definitions of biometric identifier and written release, defines biometric lock, biometric time clock, electronic signature, in writing, and security purpose, provides that if the biometric identifier or biometric information is collected or captured for the same repeated process, the private entity is only required to inform the subject or receive consent during the initial collection.

Biometrics or Facial Recognition

Illinois

IL HB 5396

Pending

Amends the Biometric Privacy Information Act, provides that if an employee brings an action against an employer under the act, the employee's entitlement to relief shall be determined as provided in the Workers' Compensation Act, amends the Workers' Compensation Act, provides that an action arising under the Biometric Information Privacy Act due to the actions of an employer shall be adjudicated in accordance with the Workers' Compensation Act.

Biometrics or Facial Recognition

Illinois

IL SB 56

Pending

Amends the Biometric Information Privacy Act, provides that an action for a violation of the Act shall be commenced within one year after the cause of action accrued if the aggrieved person provides a private entity 30 days' written notice identifying the specific provisions of the Act the aggrieved person alleges have been or are being violated.

Biometrics or Facial Recognition

Illinois

IL SB 300

Pending

Amends the Biometric Information Privacy Act, changes the definitions of biometric information and written consent, provides that a right of action shall be commenced within one year after the cause of action accrued, if, prior to initiating any action against a private entity, the aggrieved person provides a private entity 30 days' written notice identifying the specific provisions of the Act the aggrieved person alleges have been or are being violated.

Biometrics or Facial Recognition

Illinois

IL SB 602

Pending

Amends the Biometric Information Privacy Act, changes the definitions of biometric identifier and written release, defines biometric lock, biometric time clock, electronic signature, in writing, and security purpose, provides that if the biometric identifier or biometric information is collected or captured for the same repeated process, the private entity is only required to inform the subject or receive consent during the initial collection.

Biometrics or Facial Recognition

Illinois

IL SB 731

Pending

Amends the Code of Civil Procedure, makes a technical change in the short title section.

Information Brokers; Website Privacy

Illinois

IL S 1607

Pending

Amends the Biometric Information Privacy Act, defines security purpose, changes the definition of written release to include electronic consent and electronic release, provides that the Attorney General and State's Attorneys have the sole authority to enforce the Act, provides that an action may be brought to enforce the Act only if a violation of the Act causes actual harm.

Biometrics or Facial Recognition

Illinois

IL SB 2039

Pending

Repeals the Biometric Information Privacy Act.

Biometrics or Facial Recognition

Illinois

IL SB 2080

Pending

Creates the Automatic Listening Exploitation Act, defines terms, provides that it is unlawful for a person who provides any smart service through a proprietary smart speaker to: store or make a recording or transcript of any speech or sound captured by a smart speaker or to use any storage or recording or transcript of any voice interaction by a user with the voice-user interface, or transmit such a recording or transcript to a third party, for any purpose, without obtaining express informed consent.

Connected Devices

Illinois

IL SB 2081

Pending

Creates the Keep the Internet Devices Safe Act, provides that a digital device is an Internet-connected device that contains a microphone, provides that no private entity may turn on or enable a digital device's microphone unless the registered owner or person configuring the device is provided certain notices in a consumer agreement, provides that a manufacturer of a digital device that does not cause to be turned on or otherwise use a digital device's microphone is not subject to the restrictions.

Connected Devices

Illinois

IL SB 2082

Pending

Creates the Keep Internet Devices Safe Act, includes a statement of legislative intent and defines terms, provides that a private entity may turn on or enable, cause to be turned on or enabled, or otherwise use a digital device's microphone to listen for or collect information, including spoken words or other audible or inaudible sounds, if the private entity makes specified disclosures in its customer agreement or other incorporated addendum.

Connected Devices

Illinois

IL SB 3081

Pending

Creates the Do Not Track Act, prohibits a party to a user action from tracking another user whenever the party receives a do-not-track signal indicating a user preference not to be tracked, with some exceptions, provides that data that has been sufficiently de-identified such that it is rendered anonymous data may be processed for any purpose, provides that a party may disregard a user's do-not-track signal when the user has given express affirmative consent to track.

Website Privacy

Illinois

IL SB 3413

Pending

Amends the Biometric Information Privacy Act, provides that nothing in the Act shall be construed to apply to certain health care employers that hire an employee under the Health Care Worker Background Check Act where the employee has submitted to certain fingerprint-based criminal history records checks.

Biometrics or Facial Recognition

Illinois

IL SB 3782

Pending

Amends the Biometric Privacy Information Act, defines security purpose as the purpose of preventing retail theft, fraud, or any other misappropriation or theft of a thing of value, including protecting property from trespass, controlling access to property, protecting any person from harm, including stalking, violence, or harassment, and assisting a law enforcement investigation.

Biometrics or Facial Recognition

Illinois

IL SB 3874

Pending

Amends the Biometric Information Privacy Act, changes the definitions of biometric identifier and written release, defines biometric lock, biometric time clock, electronic signature, in writing, and security purpose, provides that if the biometric identifier or biometric information is collected or captured for the same repeated process, the private entity is only required to inform the subject or receive consent during the initial collection.

Biometrics or Facial Recognition

Indiana

IN HB 1261

Failed-adjourned

Relates to consumer privacy, requires businesses to disclose certain information to consumers, outlines different requests a consumer may make with businesses regarding the consumer's personal information, assigns enforcement of consumer privacy law to the State division of consumer protection, exempts certain government entities and certain types of information, provides certain business exceptions.

Comprehensive

Indiana

IN SB 358

Failed-adjourned

Establishes a new article in the Indiana Code concerning consumer data protection, to take effect on a specified date, sets forth the following within the new article, definitions of various terms that apply throughout the article, exemptions from the bill's requirements concerning the responsibilities of controllers of consumers' personal data, the rights of an Indiana consumer.

Comprehensive

Kentucky

KY HB 32

Failed-adjourned

Defines terms, requires private entities to develop and comply with a retention and destruction schedule for biometric identifiers and information, prohibits private entities' collection, trade, and disclosure of biometric information with limited exceptions, creates a standard of care for private entities collecting biometric information, creates a civil cause of action for violations.

Biometrics or Facial Recognition

Kentucky

KY HB 75

Failed-adjourned

Regulates the collection, use, and transfer of human DNA samples, creates penalties for violations of the prohibitions, States the Act shall be known as the Protecting DNA Privacy Act.

Consumer Genetic Privacy

Kentucky

KY HB 502

Enacted

Regulates the collection, use, and disclosure of genetic data, creates a civil cause of action for violations of the prohibitions, to be brought by the Attorney General, states that the Act shall be known as the Genetic Information Privacy Act.

Consumer Genetic Privacy

Kentucky

KY HB 586

Failed-adjourned

Establishes consumer rights relating to personal data, including the rights to confirm whether data is being processed, to delete personal data provided by the consumer, to obtain a copy of the consumer's personal data that was previously provided, and to opt out of targeted advertising and the sale of data, defines terms, sets forth the types of data and the persons or entities to which the statutory provisions and do not apply.

Comprehensive

Kentucky

KY HB 626

Failed-adjourned

Defines biometric identifier, prohibits the capture of biometric identifiers for a commercial purpose without first informing and obtaining consent from the individual whose biometric identifier is at issue, conditionally prohibit a person from disclosing biometric identifiers, requires a person to institute reasonable storage and destruction requirements of biometric identifiers, exempts voiceprint data retained by a financial institution and auto manufacturers' crash avoidance technology.

Biometrics or Facial Recognition

Kentucky

KY SB 15

Failed-adjourned

Establishes consumer rights relating to personal data, including the rights to confirm whether data is being processed, to delete personal data provided by the consumer, to obtain a copy of the consumer's personal data that was previously provided, and to opt out of targeted advertising and the sale of data, creates definitions for terms.

Comprehensive

Louisiana LA HB 987
Failed - adjourned

Relates to the Louisiana Privacy Act. Provides definitions, provides for consumer rights, provides for the responsibilities of a processor and a controller; provides for deidentified data; provides for investigative powers; and enforcement, provides for a civil fine, and related matters

Comprehensive

Maine

ME HB 669

Enacted

Enacts the Data Collection Protection Act, creates the Maine Data Collection Protection Act, which prohibits data collectors from collecting and aggregating, selling or using specific types of public documents or information from those documents for the purpose of determining a consumer's eligibility for consumer credit, employment or residential housing.

Information Brokers

Maine

ME HB 1450
Failed

Regulates the use of biometric identifiers.

Biometrics or Facial Recognition

Maine

ME LR 1604

Failed - Adjourned

Creates a data broker registry and improve consumer protections.

Information Brokers

Maine

ME LR 1913

Failed - Adjourned

Enacts the smart Home Device Privacy Protection Act.

Connected Devices

Maine

ME SB 713

Failed

Protects consumers privacy by giving them greater control of their data and to establish consumer protections regarding small dollar loans.

Comprehensive

Maryland

MD HB 259

Failed-adjourned

Regulates the use of biometric identifiers by private entities, including by requiring certain private entities in possession of biometric identifiers to develop a policy, made available to the public, establishes a retention schedule and destruction guidelines for biometric identifiers, authorizes an individual alleging a violation of the act to bring a civil action against the offending private entity.

Biometrics or Facial Recognition

Maryland

MD HB 866

Enacted

Alters the direct-to-consumer or publicly available open-data personal genomics databases that may be used to conduct forensic genetic genealogical DNA analysis and search to require that the databases seek express consent from their service users regarding the substance of a certain notice.

Consumer Genetic Privacy

Maryland

MD SB 11

Failed

Relates to the Online Consumer Protection and Child Safety Act.

Children’s Online Privacy; Comprehensive

Maryland

MD SB 335

Failed-adjourned

Regulates the use of biometric identifiers by private entities, including by requiring certain private entities in possession of biometric identifiers to develop a policy, made available to the public, establishing a retention schedule and destruction guidelines for biometric identifiers, authorizes an individual alleging a violation of the Act to bring a civil action against the offending private entity.

Consumer Genetic Privacy; Biometrics or Facial Recognition

Maryland

MD SB 766

Failed-adjourned

Regulates the use of genetic data by direct-to-consumer genetic testing companies, including by requiring a direct-to-consumer genetic testing company to provide consumers with certain information regarding the company's policies and procedures and obtain certain consents from consumers before collecting, using, or disclosing the consumer's genetic data.

Consumer Genetic Privacy

Massachusetts

MA HB 136

Pending

Relates to data privacy.

Information Brokers; Biometrics or Facial Recognition

Massachusetts

MA HB 142

Pending

Relates to consumer data privacy.

Comprehensive; Information Brokers

Massachusetts

MA HB 521

Pending

Relates to the collection, use, disclosure or dissemination of personal information from customers of telecommunications or internet service providers.

ISP Privacy

Massachusetts

MA HB 1893

Pending

Relates to the public posting or displaying of the personal information of certain protected judicial officials and their family members.

Information Brokers

Massachusetts

MA HB 4029

Pending

Relates to algorithmic accountability and bias prevention in the protection of consumers.

Information Brokers

Massachusetts

MA HB 4152

Pending

Provides for protections in the processing of personal data and the free movement of personal data.

Information Brokers

Massachusetts

MA HB 4514

Pending

Establishes the Massachusetts Information Privacy and Security Act.

Information Brokers

Massachusetts

MA SB 46

Pending

Establishes the Massachusetts Information Privacy Act.

Biometrics; Comprehensive

Massachusetts

MA SB 50

Pending

Relates to data security and privacy.

Information Brokers

Massachusetts

MA SB 220

Pending

Protects personal biometric data.

Biometrics or Facial Recognition

Massachusetts

MA SB 1151

Pending

Establishes the Massachusetts Judicial Security Act.

Information Brokers

Massachusetts

MA SB 2146

Pending

Promotes net neutrality and consumer protection.

ISP Privacy

Massachusetts

MA SB 2687

Pending

Relates to establishing the Massachusetts Information Privacy and Security Act.

Comprehensive; Information Brokers

Michigan Hi HB 5989
Pending
Creates consumer privacy act. Comprehensive

Minnesota

MN HB 36

Failed - adjourned

Relates to consumer data privacy, gives various rights to consumers regarding personal data, places data transparency obligations on businesses, creates a private right of action, provides for enforcement by the attorney general.

Comprehensive

Minnesota

MN HB 421

Failed - adjourned

Relates to data privacy, requires consent before providers share audio or video data with third parties.

Website Privacy

Minnesota

MN HB 1492

Failed - adjourned

Relates to consumer data privacy, gives various rights to consumers regarding personal data, places obligations on certain businesses regarding consumer data, provides for enforcement by the attorney general.

Comprehensive

Minnesota

MN HB 2872

Failed - adjourned

Relates to crime, prohibits the dissemination of personal information about a child.

Children’s Online Privacy; Website Privacy

Minnesota

MN HB 3724

Failed - adjourned

 

Relates to consumer protection; prohibits certain social media algorithms that target children.

Children’s Online Privacy; Website Privacy

Minnesota

MN HB 4439
Failed - adjourned

Relates to consumer data protection; requires direct-to-consumer genetic testing companies to provide disclosure notices and obtain consent

Consumer Genetic Privacy
Minnesota

MN SB 1408

Failed - adjourned

Relates to consumer data privacy, gives various rights to consumers regarding personal data, places obligations on certain businesses regarding consumer data, provides for enforcement by the attorney general.

Comprehensive

Minnesota

MN SB 2817

Failed - adjourned

Relates to consumer data protection, requires direct to consumer genetic testing companies to provide disclosure notices and obtain consent.

Consumer Genetic Privacy

Minnesota

MN SB 3933

Failed - adjourned

Relates to consumer protection; prohibits certain social media algorithms that target children Children’s Online Privacy; Website Privacy

Minnesota

MN SB 4182

Failed - adjourned

Relates to consumer data protection; requires direct-to-consumer genetic testing companies to provide disclosure notices and obtain consent.

Children’s Online Privacy; Website Privacy

Missouri

MO HB 2716

Pending

Establishes the Biometric Information Privacy Act.

Biometrics or Facial Recognition

Mississippi

MS SB 2330

Failed - adjourned

Creates the Mississippi Consumer Data Privacy Act, authorizes consumers to request that businesses disclose certain information, authorizes consumers to request that businesses delete personal information collected by businesses, requires businesses to disclose certain information to consumers, to inform consumers of their right to request that personal information be deleted, and to delete personal information collected about consumers upon request.

Comprehensive

Nebraska

NE L 1188

Failed-adjourned

Adopts the Uniform Personal Data Protection Act.

Comprehensive

New Jersey

NJ AB 505

Pending

Relates to state Disclosure and Accountability Transparency Act (DATA), establishes certain requirements for disclosure and processing of personally identifiable information, establishes Office of Data Protection and Responsible Use in Division of Consumer Affairs.

Comprehensive

New Jersey

NJ AB 525

Pending

Makes DNA samples and genetic information resulting from DNA analysis property of the person sampled or analyzed.

Consumer Genetic Privacy

New Jersey

NJ AB 1399

Pending

Requires Internet service providers to keep confidential subscriber's personally identifiable information unless subscriber authorizes Internet service provider in writing to disclose information.

ISP Privacy

New Jersey

NJ AB 1954

Pending

Requires Internet service providers to keep confidential subscriber personally identifiable information unless subscriber authorizes Internet service provider in writing or email to disclose information, prohibits subscriber penalty.

ISP Privacy

New Jersey

NJ AB 1971

Pending

Requires commercial Internet websites and online services to notify consumers of collection and disclosure of personally identifiable information and allows consumers to opt out.

Comprehensive

New Jersey

NJ AB 2029

Pending

Requires Internet service providers to keep confidential and prohibit any disclosure, sale, or unauthorized access to subscriber's personally identifiable information unless subscriber authorizes Internet service provider in writing to disclose information.

ISP Privacy

New Jersey

NJ AB 2549

Pending

Requires consumer reporting agencies to increase protection of consumers' personal information.

Other Consumer Privacy

New Jersey

NJ AB 2726

Pending

Directs Board of Public Utilities to undertake public awareness campaign concerning telecommunications carriers, including mobile and Voice over Internet Protocol service providers, and disclosure of customer information.

ISP Privacy

New Jersey

NJ AB 2951

Pending

Creates the Microphone Enabled Devices Act, requires user consent before enabling device microphone.

Biometrics or Facial Recognition; Connected Devices

New Jersey

NJ AB 3262

Pending

Enacts the Reader Privacy Act.

Other Consumer Privacy

New Jersey

NJ AB 3503

Pending

Prohibits television voice recognition features from collecting or recording users without notice, prohibits use or sale of recordings for advertising purposes.

Biometrics or Facial Recognition; Connected Devices

New Jersey

NJ SB 332

Pending

Requires commercial Internet websites and online services to notify consumers of collection and disclosure of personally identifiable information, allows consumers to opt out.

Comprehensive; Website Privacy

New Jersey

NJ SB 1413

Pending

Enacts the Reader Privacy Act.

Other Consumer Privacy

New York

NY AB 27

Pending

Establishes the biometric privacy act.

Biometrics or Facial Recognition

New York

NY AB 400

Pending

Restricts the disclosure of personal information by businesses.

Information Brokers

New York

NY AB 405

Pending

Relates to establishing the online consumer protection act.

Website Privacy

New York

NY AB 488
Pending

Relates to prohibiting private entities from using biometric data for any advertising, detailing, marketing, promotion, or any other activity that is intended to be used to influence business volume, sales or market share or to evaluate the effectiveness of marketing practices or marketing personnel.

Biometrics or Facial Recognition

New York

NY AB 589

Pending

Requires retailers to post warning signs of the tracking of customers through cell phones or other electronic devices, provides for civil penalties.

Other Consumer Privacy

New York

NY AB 680

Pending

Enacts the NY privacy act to require companies to disclose their methods of de-identifying personal information, to place special safeguards around data sharing and to allow consumers to obtain the Names of all entities with whom their information is shared, creates a special account to fund a new office of privacy and data protection.

Comprehensive; Information Brokers

New York

NY AB 706

Pending

Relates to the use of electronic or computerized entry systems and the information that may be gathered from such systems.

Biometrics or Facial Recognition

New York

NY AB 733

Pending

Requires express and affirmative consent prior to collection, storage or transmittal of any personal information obtained from the installation or use of a smart home connected system by certain persons.

Connected Devices

New York

NY AB 3586

Pending

Establishes the "It's Your Data Act" for the purposes of providing protections and transparency in the collection, use, retention, and sharing of personal information.

Comprehensive

New York

NY AB 3709

Pending

Grants a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of third parties with which the information is shared.

Comprehensive

New York

NY AB 3759

Pending

Enacts the Facial Recognition Technology Study Act to study privacy concerns and potential regulatory approaches to the development of facial recognition technology.

Biometrics or Facial Recognition; Studies, Task Forces, Comms.

New York

NY AB 4137

Pending

Requires manufacturers of smart speakers to obtain signed written permission from users before storing voice recordings.

Connected Devices

New York

NY AB 4855

Pending

Relates to the use of voice recognition features on certain products.

Biometrics

New York

NY AB 6042

Pending

Enacts the "digital fairness act".

Comprehensive

New York

NY AB 9027

Pending

Discloses to a parent the personal information and content about a minor collected by an operator of an internet platform when a parent requests such information.

Children’s Online Privacy; Website Privacy

New York

NY SB 154

Pending

Relates to requiring manufacturers of smart speakers to obtain permission from users before storing recordings.

Biometrics; Connected Devices

New York

NY SB 567

Pending

Grants a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, includes the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of third parties with which the information is shared.

Comprehensive

New York

NY SB 1349

Pending

Restricts the disclosure of personal information by businesses.

Information Brokers

New York

NY SB 1897

Pending

Relates to the use of voice recognition features in certain products.

Biometrics or Facial Recognition; Connected Devices

New York

NY SB 1933

Pending

Establishes the biometric privacy act, requires private entities in possession of biometric identifiers or biometric information to develop a written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three years of the individual's last interaction with the private entity, whichever occurs first.

Biometrics or Facial Recognition

New York

NY SB 2505

Pending

Amends the generally, enacts into law major components of legislation necessary to implement the state public protection and general government budget for the 2021-2022 state fiscal year, extends the effectiveness of certain provisions of law relating to various criminal justice and public safety programs, establishes the New York state office to end domestic and gender-based violence.

Biometrics or Facial Recognition; Comprehensive

New York

NY SB 2886

Pending

Relates to Establishing the Online Consumer Protection Act, defines terms, provides that an advertising network shall post clear and conspicuous notice on the home page of its own website about its privacy policy and its data collection and use practices related to its advertising delivery activities, makes related provisions.

Website Privacy

New York

NY SB 3234

Pending

Enacts the Facial Recognition Technology Study Act to study privacy concerns and potential regulatory approaches to the development of facial recognition technology.

Biometrics or Facial Recognition; Studies, Task Forces, Comms.

New York

NY SB 3589

Pending

Relates to the use of voice recognition features on certain products.

Biometrics or Facial Recognition; Connected Devices

New York

NY SB 4021

Pending

Establishes the "It's Your Data Act" for the purposes of providing protections and transparency in the collection, use, retention, and sharing of personal information.

Comprehensive

New York

NY SB 4959

Pending

Creates an excise tax on the collection of consumer data by commercial data collectors.

Other Consumer Privacy

New York

NY SB 5879

Pending

Requires retailers to post warning signs of the tracking of customers through cell phones or other electronic devices, provides for civil penalties.

Other Consumer Privacy

New York

NY SB 6463

Pending

Amends the multiple dwelling law and the multiple residence law in relation to the use of electronic or computerized entry systems and the information that may be gathered from such systems.

Biometrics or Facial Recognition

New York

NY SB 6701

Pending

Enacts the NY privacy act to require companies to disclose their methods of de-identifying personal information, to place special safeguards around data sharing and to allow consumers to obtain the names of all entities with whom their information is shared.

Comprehensive; Information Brokers

New York

NY SB 6727

Pending

Enacts the "Data Economy Labor Compensation and Accountability Act", establishes the Office of Consumer Data Protection for the purpose of properly safeguarding personal data, imposes a tax on data controllers and data processors required to register with such office.

Information Brokers

New York

NY SB 8317

Pending

Discloses to a parent the personal information and content about a minor collected by an operator of an internet platform when a parent requests such information.

Children’s Online Privacy; Website Privacy

North Carolina

NC SB 569

Failed-adjourned

Protects consumers by enacting the Consumer Privacy Act.

Comprehensive

Ohio

OH HB 376

Pending

Enacts the Ohio Personal Privacy Act, sets forth various provisions concerning the protection of personal data.

Comprehensive

Ohio

OH HB 414

Pending

Enacts section 1349.63 of the Revised Code, enacts the Not On My Walk Act.

Connected Devices

Oklahoma

OK HB 1602

Failed - adjourned

Relates to privacy of computer data, enacts the Oklahoma Computer Data Privacy Act, defines terms, provides that this act applies to certain businesses that collect consumers' personal information, provides exemptions, prescribes compliance with other Laws and legal proceedings, requires this act to be liberally construed to align its effects with other Laws relating to privacy and protection of personal information.

Comprehensive

Oklahoma

OK HB 2969

Failed - adjourned

Enacts the Oklahoma Computer Data Privacy Act, sets forth various requirements concerning the privacy of computer data, provides that the Act applies to businesses that collect consumers' personal information, provides for a consumer's right to request the deletion of their information, makes other changes.

Comprehensive

Oklahoma

OK HB 3009

Failed - adjourned

Relates to technology, creates a new title, creates the Voice Recognition Privacy Act of 2022, defines terms, regulates connected devices with voice recognition features, prohibits voice recognition services without informing users, prohibits use of personal information in voice recordings, directs that certain recordings be available to users, directs that users be allowed to delete recordings, prohibits the use of incorrectly activated voice recordings, prohibits compelling of manufacturers and service.

Biometrics

Oklahoma

OK HB 3010

Failed - adjourned

Relates to technology; creates a new title; enacts the Filter Bubble Transparency Act of 2022; defines terms; regulates the operation of Internet platforms that use an opaque algorithm; regulates upstream providers and search syndication contracts; grants the Attorney General and district attorneys the power to bring suit for violation of this act; grants courts the ability to enjoin or make orders to prevent the violation of this act; creates a civil penalty; provides for noncodification.

Other Consumer Privacy
Oklahoma

OK HB 3447

Failed - adjourned

Relates to technology, enacts a new title of law, enacts the Personal Data Protection Act, defines terms, clarifies applicability of this act, directs that a controller provide, correct, or amend data subject's personal data on request, directs that a controller provide notice of practices and obtain consent, prohibits controllers use of certain data practice, requires controllers provide redress for performed prohibited practices.

Comprehensive

Oregon

OR HB 4017

Failed

Requires a business entity that collects, stores or transfers the personal data of a resident individual to register with the Department of Consumer and Business Services as data broker.

Information Brokers

Pennsylvania

PA HB 1126

Pending

Provides for consumer data privacy, for rights of consumers and duties of businesses relating to the collection of personal information and for duties of the Attorney General.

Comprehensive

Pennsylvania

PA HB 1908

Pending

Provides for transparency and disclosure of information collected by smart technology devices, establishes the Smart Technology Disclosure Fund, provides for powers and duties of the Office of Attorney General.

Connected Devices

Pennsylvania

PA HB 2202

Pending

Provides for consumer data privacy, for rights of consumers and duties of businesses relating to the collection of personal information and for duties of the Attorney General.

Comprehensive

Pennsylvania

PA HB 2257

Pending

Provides for protection of certain personal data of consumers, imposes duties on controllers and processors of personal data of consumers, provides for enforcement, prescribes penalties, establishes the Consumer Privacy Fund.

Comprehensive

Pennsylvania

PA HB 2283

Pending

Provides for privacy, transparency and compensation regarding the disclosure of information collected by genetic material testing entities, provides for powers and duties of the Office of Attorney General.

Consumer Genetic Privacy

Rhode Island

RI HB 5509

Pending

Prohibits the sale for profit of consumer generated internet data by a social media platform without the consent of and compensation paid to the consumer.

Other Consumer Privacy

Rhode Island

RI HB 5959

Pending

Creates the Transparency and Privacy Protection Act, requires online service providers and commercial websites that collect, store and sell personally identifiable information to disclose what categories of personally identifiable information they collect and to what third parties they sell the information.

Website Privacy

Rhode Island

RI HB 7400

Pending

Requires online service providers and commercial websites that collect, store and sell personally identifiable information to disclose what categories of personally identifiable information they collect and to what third parties they sell the information' provides that this act does not prohibit the collection or sale of personally identifiable information and does not require the retention or disclosure of personally identifiable information by online service providers or commercial websites.

Website Privacy; ISP Privacy

Rhode Island

RI HB 7917

Pending

Creates the Rhode Island information privacy act, allows an individual to access and learn what personal information about the individual has been gathered and stored by covered entities that conduct business in Rhode Island, establishes the Rhode Island information privacy commission to oversee and enforce the provisions of the Rhode Island information privacy act.

Comprehensive; Biometrics or Facial Recognition

Rhode Island

RI SB 2491

Pending

Prohibits the use of facial recognition technology and biometric recognition technology in video lottery terminals at parimutuel licensees in the state or in online betting applications, prohibits the use of certain other technologies in state gaming operations, provides that this prohibition would not apply to standardized rewards programs.

Biometrics or Facial Recognition

South Carolina

SC HB 3063

Pending

Enacts the South Carolina Biometric Data Privacy Act, provides certain requirements for a business that collects a consumer's biometric information, allows the consumer to request that a business delete the collected biometric information and to prohibit the sale of biometric information, establishes certain standards of care for a business that collects biometric information, establishes a procedure for a consumer to opt out of the sale of biometric information.

Biometrics

Utah

UT SB 227

Enacted

Enacts the Utah Consumer Privacy Act, provides consumers the right to access and delete certain personal data maintained by certain businesses and opt out of the collection and use of personal data for certain purposes, requires certain businesses that control and process consumers personal data to take specified actions, including safeguarding consumers personal data and providing clear information to consumers regarding how the consumers personal data are used.

Comprehensive

Virginia

VA HB 381

Enacted

Relates to Consumer Data Protection Act, relates to data deletion request.

Comprehensive

Virginia

VA HB 552

Failed

Relates to Consumer Data Protection Act, relates to nonprofit organizations, provides for the purposes of the Consumer Data Protection Act, that the definition for nonprofit organization includes certain nonprofit organizations exempt from taxation under a specified section of the Internal Revenue Code.

Comprehensive

Virginia

VA HB 714

Enacted

Relates to Consumer Data Protection Act, relates to enforcement, relates to Consumer Privacy Fund.

Comprehensive

Virginia

VA HB 1259

Failed

Concerns the Consumer Data Protection Act, concerns sensitive data, provides that, for purposes of the Consumer Data Protection Act, personal data revealing racial or ethnic origin, religious beliefs, mental or physical diagnosis, sexual orientation, or citizenship or immigration status shall only be considered sensitive data if used to make a decision that results in a legal or similarly significant effect for a consumer.

Comprehensive

Virginia

VA SB 393

Vetoed by  governor

Relates to Consumer Data Protection Act, relates to data deletion request, authorizes a controller of personal data to treat a consumer request to delete data obtained by a third party about a consumer as a request to opt the consumer out of the processing of that data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

Comprehensive

Virginia

VA SB 419

Pending - Carryover

Relates to genetic information privacy, relates to civil penalty, establishes requirements for direct-to-consumer genetic testing companies, including requirements related to information to be provided to consumers, consent requirements, requirements related to security of and consumer access to genetic information, requirements for contracts between direct-to-consumer genetic testing companies and service providers, and prohibitions on disclosure of genetic information.

Consumer Genetic Privacy

Virginia

VA SB 516

Failed

Relates to Consumer Data Protection Act, relates to nonprofit organizations, provides, for the purposes of the Consumer Data Protection Act, that the definition for nonprofit organization includes certain nonprofit organizations exempt from taxation under Section 501 (4) of the Internal Revenue Code.

Comprehensive

Virginia

VA SB 534

Enacted

Relates to Consumer Data Protection Act, relates to enforcement, relates to Consumer Privacy Fund.

Comprehensive

Virginia

VA SB 584

Failed

Relates to Consumer Data Protection Act, relates to personal data obtained from source other than the consumer, provides that if a controller has obtained personal data about a consumer from a source other than the consumer, the controller may comply with such consumer's request to delete such personal data by opting the consumer out of the processing of such personal data for targeted advertising, sale, or profiling.

Comprehensive

Vermont

VT HB 75

Failed - adjourned

Relates to promoting consumer protection in data and technology.

Children’s Online Privacy; Biometrics or Facial Recognition

Vermont

VT HB 160

Failed - adjourned

Relates to protecting consumer data privacy.

Other Consumer Privacy

Vermont

VT HB 233

Failed - adjourned

Relates to consumer protection and ensuring confidentiality of genetic information.

Consumer Genetic Privacy

Vermont

VT HB 274

Failed - adjourned

Relates to consumer protection and collection of consumer information.

Connected Devices

Vermont

VT HB 570

Failed - adjourned

Relates to enhancing data privacy protections for consumers.

Other Consumer Privacy

Washington

WA HB 1433

Failed-adjourned

Creates a charter of people's personal data rights.

Comprehensive

Washington

WA HB 1850

Failed-adjourned

Protects and enforces the foundational data privacy rights of Washingtonians.

Comprehensive

Washington

WA HR 4642

Adopted

Commemorates Data Privacy Day.

Other Consumer Privacy

Washington

WA SB 5062

Failed-adjourned

Concerns the management, oversight, and use of data.

Comprehensive

Washington

WA SB 5813

Failed-adjourned

Establishes data privacy protections to strengthen a consumer's ability to access, manage, and protect their personal data.

Information Brokers

Wisconsin

WI AB 807

Failed

Concerns privacy and security of customer information obtained by a broadband Internet access service provider, provides a penalty.

ISP Privacy

Wisconsin

WI AB 957

Failed

Concerns consumer data protection, provides a penalty.

Comprehensive

Wisconsin

WI AB 1050

Failed

Concerns the privacy of consumer data, grants rule making authority, provides a penalty.

Comprehensive

Wisconsin

WI SB 779

Failed

Concerns privacy and security of customer information obtained by a broadband Internet access service provider, provides a penalty.

ISP Privacy

Wisconsin

WI SB 957

Failed

Concerns consumer data protection, provides a penalty.

Comprehensive

Wisconsin

WI SB 977

Failed

Concerns the privacy of consumer data, grants rule making authority, provides a penalty.

Comprehensive

West Virginia

WV HB 2064

Failed-adjourned

Relates to the Biometric Information Privacy Act.

Biometrics;

West Virginia

WV HB 2148

Failed-adjourned

Imposes a general data mining service tax on commercial data operators.

Other Consumer Privacy

West Virginia

WV HB 4325

Failed-adjourned

Provides online privacy protection Laws for children under specified years of age.

Children’s Online Privacy; Website Privacy

West Virginia

WV HB 4454

Failed-adjourned

Allows consumers to opt out of the sale of personal information.

Other Consumer Privacy

West Virginia

WV SB 490

Failed-adjourned

Expands online privacy protection for minors.

Children’s Online Privacy; Website Privacy

Wyoming

WY HB 86

Enacted

Relates to genetic data privacy, prohibits the collection, retention and disclosure of genetic data as specified, provides exceptions, provides for a civil cause of action by the attorney general as specified, provides definitions, specifies applicability, provides for an effective date.

Consumer Genetic Privacy

District of Columbia

DC B 451

Pending

Enacts the Uniform Personal Data Protection Act to apply fair information practice principles to the collection and use of consumer personal data by businesses, permits without consent compatible data practices that are consistent with the general expectations of the data user or benefit the data users, permits incompatible data practices that are not harmful with notice and consent, prohibits certain data practices that pose a substantial risk of harm.

Comprehensive

本文: