概述
州立法机构长期以来一直参与监管各类信息或特定行业部门的隐私。例如,保护学生信息、个人社会安全号码、医疗信息和其他类型信息的法律。
然而,消费者隐私问题最近在州立法机构变得越来越重要,包括在2023年。
2023年,至少有40个州和波多黎各提出或考虑了至少350项消费者隐私法案。
全面的(有时也称为综合性的)消费者隐私立法是正在考虑的一种常见法案——至少在25个州至少有60项法案。
在2023年之前,五个州颁布了全面的消费者隐私法:
- 《2018年加州消费者隐私法》和《加州消费者隐私权法》(2020年24号提案)(加州民法典§1798.100及以下)
- 《科罗拉多州隐私法》,2021 SB 190(《科罗拉多州法律总汇》第6-1-1301节等)
- 康涅狄格州个人数据隐私和在线监控(2022 SB 6)
- 《犹他州消费者隐私法》,2022 SB 227(《犹他州法典》附件§13-61-101及以下内容——2023年12月31日生效。)
- 《弗吉尼亚州消费者数据保护法》(弗吉尼亚州法典§59.1-575等)
2023年,八个州颁布了全面的消费者隐私法:特拉华州、佛罗里达州、印第安纳州、爱荷华州、蒙大拿州、俄勒冈州、田纳西州和得克萨斯州。
这里追踪到的其他一些更常见类型的消费者隐私立法涉及商业实体、在线服务或商业网站从消费者那里收集数据,包括与网站隐私或互联网上儿童隐私相关的法案、直接面向消费者的基因检测、ISP和信息/数据代理监管,以及其他消费者隐私问题。
有关消费者隐私法案类别的解释,请参阅立法表格。
| State | Bill Number | Bill Title | Bill Status | Bill Summary | Category |
|---|---|---|---|---|---|
|
Alabama |
Judges and Justices |
Failed - Adjourned |
Relates to judges and justices, prohibits certain agencies from publicly posting or displaying a judge's personal information in certain circumstances, provides for penalties for violations. |
Information Brokers |
|
|
Alabama |
Judges and Justices |
Failed - Adjourned |
Relates to judges and justices, prohibits certain agencies from publicly posting or displaying a judge's personal information in certain circumstances, provides for penalties for violations. |
Information Brokers |
|
|
Alaska |
None |
|
|
|
|
|
Arizona |
Banks and Financial Institutions Personal Information |
Enacted |
Provides that notwithstanding any other law and except as provided by an applicable law that requires a retention period that exceeds a specified number of years, a bank or financial institution shall destroy, in a manner prescribed by law, all personal information belonging to a former customer or client not later than a specified number of years after the business relationship ends. |
Other Consumer Privacy |
|
|
Arizona |
Unidentified Patients |
Enacted |
Allows a licensed hospital to request assistance from a criminal justice agency, for noncriminal justice purposes, to determine the identity of an unidentified patient who is either incapacitated or deceased. |
Biometrics or Facial Recognition |
|
|
Arizona |
Hospitals and Unidentified Patients and Fingerprints |
Failed - Adjourned |
Relates to hospitals, relates to unidentified patients, relates to fingerprints. |
Biometrics or Facial Recognition |
|
|
Arizona |
Biometrics Identifiers and Collection |
Failed - Adjourned |
Relates to biometrics identifiers, relates to collection, relates to retention, relates to disclosure. |
Biometrics or Facial Recognition |
|
|
Arizona |
Explicit Content and Age Verification |
Failed - Adjourned |
Provides that a commercial entity that intentionally or knowingly publishes or distributes material harmful to minors on the internet from a website that contains a substantial portion of such material shall verify that any person attempting to access material harmful to minors is at least a specified age, provides that verification may be made either using a commercially available database for the purposes of verification and through any other commercially reasonable method of verification. |
Other Consumer Privacy |
|
|
Arkansas |
Social Media Safety Act |
Enacted |
Creates the Social Media Safety Act, requires age verification for use of social media, clarifies liability for failure to perform age verification for use of social media and illegal retention of data, requires parental consent, relates to liability for social media companies. |
Other Consumer Privacy |
|
|
California |
State Government |
Enacted |
Relates to the California Age-Appropriate Design Code Act and the California Children's Data Protection Working Group. Specifies that the working group is within the office of the attorney general. Requires the Department of Finance to calculate the individual subvention amounts for each of the specified state programs and provide this information on an annual basis to the California State Association of Counties and the League of California Cities for distribution to local agencies. Appropriates funds. |
Children’s Online Privacy |
|
|
California |
Confidentiality of Medical Information Act |
Enacted |
Revises the definition of medical information to include reproductive or sexual health application information means information about a consumer's reproductive or sexual health collected by a reproductive or sexual health digital service. Makes a business that offers a reproductive or sexual health digital service to a consumer for the purpose of allowing the individual to manage the individual's information a provider of health care subject to the Confidentiality of Medical Information Act. |
Other Consumer Privacy |
|
|
California |
Health Information |
Enacted |
Require specified businesses that electronically store or maintain medical information on the provision of sensitive services on behalf of a provider of health care, health care service plan, pharmaceutical company, contractor, or employer to develop capabilities, policies, and procedures, on or before specified date, to enable certain security features, including limiting user access privileges and segregating medical information related to gender affirming care, abortion and abortion-related services. |
Other Consumer Privacy |
|
|
California |
California Right to Financial Privacy Act |
To governor |
Relates to the California Right to Financial Privacy Act, which provides for the confidentiality of the financial records of people who transact business with, or use the services of, financial institutions or for whom a financial institution has acted as a fiduciary. Expands the period covered by the statement of information to a period of a specified number of days before, and up to a specified number of days following, the date of occurrence. |
Other Consumer Privacy |
|
|
California |
Confidentiality of Medical Information Act |
Pending - Carryover |
Makes non-substantive changes to the title provision of the Confidentiality of Medical Information Act. |
Health |
|
|
California |
Privacy: Reverse Demands |
Pending – Carryover |
Provides that existing law requires a state corporation that provides electronic communication services or remote computing services to the public to comply with a warrant issued by another state to produce specified records as if that warrant had been issued by a state court, with exceptions. Prohibits any government entity from seeking, or any court from enforcing, assisting, or supporting, a reverse-keyword or location demand issued by a government entity or court in the state or any other state. |
Other Consumer Privacy |
|
|
California |
Student Privacy: Online Personal Information |
Pending - Carryover |
Relates to the California Consumer Privacy Act of 2018 (CCPA), the Early Learning Personal Information Protection Act and the Student Online Personal Information Protection Act. Provides that, when applied to K-12 students, covered information does not include official records, files, and data directly related to a student and maintained by the school or local educational agency, including information within records encompassing all the material kept in the student's cumulative folder. |
Children’s Online Privacy |
|
|
California |
California Consumer Privacy Act of 2018 |
To governor |
Defines sensitive personal information for purposes of the California Consumer Privacy Act to additionally include personal information that reveals a consumer's citizenship or immigration status. Authorizes the Legislature to amend the act to further the purposes and intent of the act by a majority vote of both houses of the Legislature. |
Comprehensive |
|
|
California |
Social Care: Data Privacy |
Pending - Carryover |
Relates to the Health Insurance Portability and Accountability Act and the Confidentiality of Medical Information Act. Prohibits a participating entity of a closed-loop referral system (CLRS) from selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, social care information stored in or transmitted through a CLRS in exchange for monetary or other valuable consideration, with specified exceptions. |
Other Consumer Privacy |
|
|
California |
Social Media Platforms: Drug Safety Policies |
To governor |
Provides that existing law requires a social media platform to create and post a policy statement regarding the use of the platform to illegally distribute controlled substances. Requires a platform to retain content it has taken down or removed for a violation of its policy related to controlled substances for a specified period, except when the platform has a good faith belief that the content is related to offering, seeking, or receiving of gender-affirming health care, mental care, or reproductive care. |
Other Consumer Privacy |
|
|
California |
Telecommunications: Privacy Protections |
Pending - Carryover |
Relates to telecommunications and privacy protections. Authorizes providing specified telephone numbers to those parties without consent for the purpose of responding to a 988 call or testing the systems that respond to 988 calls. |
ISP Privacy |
|
|
California |
California Privacy Rights Act: Exemptions |
To governor |
Requires a business, if the consumer's personal information contains information related to accessing, procuring, or searching for services regarding contraception, pregnancy care, and perinatal care, including, but not limited to, abortion services, to comply with the obligations imposed by the California Privacy Rights Act of 2020 unless the personal information is used for specified business purposes, as defined, is only retained in aggregated and deidentified form, and is not sold or shared. |
Other Consumer Privacy |
|
|
California |
CA Consumer Privacy Act of 2018: Statute of Limitations |
Pending - Carryover |
Requires an action by the attorney general to enforce the California Consumer Privacy Act to be commenced within a specified number of years after the cause of action accrued. |
Comprehensive |
|
|
California |
State Government |
Pending - Carryover |
Specifies that the California Children's Data Protection Working Group is within the office of the attorney general. Requires the Department of Finance to calculate the individual subvention amounts for specified state programs and provide this information on an annual basis to the California State Association of Counties and the League of California Cities for distribution to local agencies. Establishes a Racial Equity Commission. Appropriates funds. |
Children’s Online Privacy |
|
|
California |
In-Vehicle Cameras |
To governor |
Prohibits any images or video recordings collected through the operation of an in-vehicle camera from being used for any advertising purpose or being sold to any third party. Provides an exception to certain prohibitions to comply with a lawful subpoena, court order, search warrant, or preservation request. |
Other Consumer Privacy |
|
|
California |
Data Broker Registration: Accessible Deletion Mechanism |
To governor |
Relates to the California Consumer Privacy Act of 2018, which grants a consumer various rights with respect to personal information that is collected or sold by a business. Requires the California Privacy Protection Agency to establish an accessible deletion mechanism that, allows a consumer, through a single verifiable consumer request, to request that every data broker that maintains any personal information delete any personal information related to that consumer held by the data broker or contractor. |
Information Brokers |
|
|
California |
Insurance: Privacy Notices and Personal Information |
Enacted |
Provides that the Insurance Information and Privacy Protection Act requires an insurance institution or agent to provide a notice of information to applicants and policyholders in connection with specified insurance transactions. Codifies the requirement to annually provide a clear and conspicuous privacy notice to customers. States that an insurance institution or agent is in compliance with this requirement if specified criteria are met. |
Other Consumer Privacy |
|
|
California |
Let Parents Choose Protection Act of 2023 |
Pending - Carryover |
Requires large social media platform providers to create, maintain, and make available to specified third-party safety software providers a set of third party-accessible application programming interfaces to allow a third-party safety software provider, upon authorization by a child or a parent or legal guardian of a child, to monitor a child's online interactions, content, and account settings and initiate secure transfers of the child's user data for these purposes. |
Children’s Online Privacy |
|
|
California |
Data Privacy Week and Day |
Adopted |
Designates specified week as Data Privacy Week. Designates specified date as Data Privacy Day. |
Other Consumer Privacy |
|
|
Colorado |
None |
|
|
|
|
|
Connecticut |
State Cause of Action |
Failed |
Creates a state cause of action for a violation of the federal health insurance portability and accountability act of 1996, creates a state cause of action for an individual to recover damages for violations of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA). |
Other Consumer Privacy |
|
|
Connecticut |
Digital Privacy |
Failed |
Concerns minors and digital privacy, prohibits the collection and commercial use of certain digital information concerning minors. |
Children’s Online Privacy |
|
|
Connecticut |
Personal Data Privacy Standards |
Failed |
Applies the requirements of specified public act concerning personal data privacy to state agencies. |
Comprehensive |
|
|
Connecticut |
Age-Appropriate Design Code |
Failed |
Adopts a Connecticut Age-Appropriate Design Code that creates privacy and safety obligations for providers of online products and services accessed by children. |
Children’s Online Privacy |
|
|
Connecticut |
Data Privacy Protections for Minors |
Failed |
Establishes additional data privacy protections for minors. |
Children’s Online Privacy |
|
|
Connecticut |
Online Privacy and Protections |
Enacted |
Concerns online privacy, data and safety protections. |
Other Consumer Privacy |
|
|
Connecticut |
Disclosure of the Use of Facial Recognition Technology |
Failed |
Requires a clear disclosure in all public spaces where facial recognition technology is being used to identify customers and guests. |
Biometrics or Facial Recognition |
|
|
Connecticut |
Attorney Generals Recommendations |
Enacted |
Relates to charitable organizations, telecommunications and the attorney general's recommendations regarding consumer protection, provides that if a price is charged for admission to a place of entertainment, the operator of the place of entertainment shall print, endorse or otherwise disclose on the face of each ticket to an entertainment event at such place of entertainment the price established for such ticket or, if such operator sells or resells such ticket, including at auction, the final price. |
Comprehensive |
|
|
Connecticut |
Right to Privacy |
Failed - Adjourned |
Proposes a state constitutional amendment concerning a right to privacy. |
Constitutional Amendment |
|
|
Delaware |
Delaware Personal Data Privacy Act |
Enacted |
Relates to personal data privacy and consumer protection, provides that a consumer has the right to, among other things, confirm whether a controller is processing the consumer's personal data and access such personal data, unless such confirmation or access would require the controller to reveal a trade secret. |
Comprehensive |
|
|
District of Columbia |
None |
|
|
|
|
|
Florida |
Student Online Personal Information Protection |
Failed |
Relates to student online personal information protection, prohibits operators from knowingly engaging in specified activities relating to students covered information, provides exception, specifies duties of operator, provides circumstances under which operator may disclose students covered information. |
Children’s Online Privacy |
|
|
Florida |
Childhood Mental Health Safety and Welfare |
Failed - Adjourned |
Relates to childhood mental health, safety, and welfare, revises array of services offered by child and adolescent mental health system of care, requires specified professionals to complete course on technology addiction and pornography addiction, requires warning label be affixed to packaging of certain digital devices, requires commercial entity to verify age of individuals attempting to access certain material online, prohibits entity from retaining personal identifying information, revises definition. |
Other Consumer Privacy |
|
|
Florida |
Technology Transparency |
Failed |
Relates to technology transparency, prohibits officers or salaried employees of governmental entities from using their positions or state resources to make certain requests of social media platforms, prohibits governmental entities from initiating or maintaining certain agreements or working relationships with social media platforms, provides exceptions, prohibits controller from collecting certain consumer information. |
Comprehensive |
|
|
Florida |
Technology Transparency |
Enacted |
Prohibits officers or salaried employees of governmental entities from using their positions or state resources to make certain requests of social media platforms, prohibits governmental entities from initiating or maintaining agreements or working relationships with social media platforms under a specified circumstance, provides exceptions, prohibits certain conduct by an online platform that provides online services, products, games, or features likely to be predominantly accessed by children. |
Comprehensive |
|
|
Florida |
Protection of Exploited Persons |
Failed - Adjourned |
Relates to protection of exploited persons. |
Other Consumer Privacy |
|
|
Florida |
Student Online Personal Information Protection |
Enacted |
Relates to student online personal information protection, cites this act as the Student Online Personal Information Protection Act, prohibits operators from knowingly engaging in specified activities relating to students covered information, specifies the duties of an operator, provides circumstances under which an operator may disclose students covered information, provides for enforcement under the Florida Deceptive and Unfair Trade Practices Act. |
Children’s Online Privacy |
|
|
Florida |
Childhood Mental Health Safety and Welfare |
Failed - Adjourned |
Relates to childhood mental health, safety, and welfare, revises the array of services offered by the child and adolescent mental health system of care, requires specified mental health care professionals to complete a course on technology addiction and pornography addiction by a specified date, requires that a warning label be affixed to the packaging of certain digital devices. |
Other Consumer Privacy |
|
|
Georgia |
Data Privacy Act |
Pending - Carryover |
Relates to selling and other trade practices, to prohibit a manufacturer of consumer electronic devices from allowing consumers to opt out of certain data collection by third parties unless the consumer can opt of the same data collection by the manufacturer, provides for a short title, provides for definitions, provides for enforcement, limitations, exclusions, construction, and applicability, provides for related matters, repeals conflicting laws. |
Other Consumer Privacy |
|
|
Guam |
None |
|
|
|
|
|
Hawaii |
Personal Consumer Data |
Pending - Carryover |
Provides for the Consumer Data Protection Act, which applies to persons that conduct business in the state or produce products or services that are targeted to state residents and, during the year, control or process personal data of at least a specified number of consumers and derive over a specified percent of gross revenue from the sale of personal data, provides that a consumer may invoke the consumer rights by submitting a request to a controller specifying the rights the consumer wishes to invoke. |
Comprehensive |
|
|
Hawaii |
Abortion Out of State Actions |
Enacted |
Protects an individual's right to privacy and bodily autonomy within the boundaries of the state, including minors, and declares that the laws of other states authorizing civil actions and criminal prosecutions for receiving, seeking, providing, or aiding and abetting the provision of reproductive health care services are contrary to the state's public policy, prohibits recognition and enforcement of other states' laws that impose civil or criminal liability relating to reproductive health care services. |
Other Consumer Privacy |
|
|
Hawaii |
Internet Privacy |
Pending - Carryover |
Proposes to amend the state constitution by establishing the right of each person to own and have an exclusive property right in the data they generate on the internet. |
Constitutional Amendment |
|
|
Hawaii |
Reproductive Health Care Services Patient Information |
Pending - Carryover |
Prohibits state and county employees and officers from providing reproductive health care services patient information or expending state resources in furtherance of another state's investigation or proceeding that seeks to impose civil, criminal, or professional liability upon a person or entity related to reproductive health care services, prohibits any person from being compelled to provide reproductive health care services patient information. |
Other Consumer Privacy |
|
|
Hawaii |
Reproductive Health Care Services |
Pending - Carryover |
Prohibits a covered entity from disclosing communication or information relating to reproductive health care services, prohibits the issuance of a subpoena in connection with an out-of- state proceeding relating to reproductive health care services legally performed in the state, prohibits agencies from providing information or expending resources in the furtherance of interstate investigations or proceedings relating to reproductive health care services. |
Other Consumer Privacy |
|
|
Hawaii |
Consumer Data Protection Act |
Pending - Carryover |
Establishes a framework to regulate controllers and processors with access to personal consumer data, establishes penalties, establishes a new consumer privacy special fund, appropriates funds to the Department of the Attorney General. |
Comprehensive |
|
|
Hawaii |
Biometric Identifiers |
Pending - Carryover |
Establishes standards for the collection, storage, retention, and destruction of biometric identifiers and biometric information by private entities. |
Biometrics or Facial Recognition |
|
|
Hawaii |
Personal Consumer Data |
Pending - Carryover |
Establishes a framework to regulate controllers and processors with access to personal consumer data, establishes that a violation of the consumer data privacy act constitutes an unfair method of competition and unfair and deceptive acts or practices in the conduct of any trade of commerce, authorizes a person injured by a violation of the personal consumer data act to bring a civil action against a controller or processor. |
Comprehensive |
|
|
Hawaii |
Internet Privacy |
Pending - Carryover |
Prohibits the sale of geolocation information and internet browser information without consent. |
ISP Privacy; Location Privacy |
|
|
Idaho |
None |
|
|
|
|
|
Illinois |
Biometric Information Privacy Act |
Pending |
Amends the Biometric Information Privacy Act, makes a technical change in a section concerning the short title. |
Biometrics or Facial Recognition |
|
|
Illinois |
Biometric Information Privacy Act |
Pending |
Amends the Biometric Information Privacy Act, makes a technical change in a section concerning the short title. |
Biometrics or Facial Recognition |
|
|
Illinois |
Genetic Information Privacy Act |
Pending |
Amends the Genetic Information Privacy Act, provides that in accordance with the Sexual Assault Evidence Submission Act, genetic information derived from reference specimens of DNA from: a victim of a sexual assault crime or alleged sexual assault crime, knowns reference samples of DNA from any individual that were voluntarily provided for the purpose of exclusion: and any profiles developed from those samples, may be used only for purposes directly related to the investigation of the sexual assault. |
Genetic Privacy |
|
|
Illinois |
Biometric Information Privacy Act |
Pending |
Amends the Biometric Information Privacy Act, provides that nothing in the act shall be construed to apply to any health care employer that hires an employee under the Health Care Worker Background Check Act and the employee has submitted to a fingerprint-based criminal history records check, uses and stores biometric information or biometric identifiers exclusively for employment, human resources, compliance, payroll, identification, authentication, safety, security, or fraud prevention purposes. |
Biometrics or Facial Recognition |
|
|
Illinois |
Right to Know Act and Commercial Website |
Pending |
Creates the Right to Know Act, provides that an operator of a commercial website or online service that collects personally identifiable information through the internet about individual customers residing in Illinois who use or visit its commercial website or online service shall notify those customers of certain specified information pertaining to its personal information sharing practices. |
Website Privacy |
|
|
Illinois |
Banking Customer Financial Records and Confidentiality |
Pending |
Amends the Banking Act, provides that any person, corporation, or financial institution that conducts business or performs transactions on behalf of or at the direction of an executor or administrator with the will annexed shall be fully protected and released from liability to the same extent that the executor or administrator with the will annexed would be if the executor or administrator with the will annexed was lawfully authorized to conduct the business or perform the transaction. |
Other Consumer Privacy |
|
|
Illinois |
Biometric Information Privacy Act |
Pending |
Amends the Biometric Information Privacy Act, changes the term written release to written consent, provides that the written policy that is developed by a private entity in possession of biometric identifiers shall be made available to the person from whom biometric information is to be collected or was collected. |
Biometrics or Facial Recognition |
|
|
Illinois |
Biometric Privacy Information Act |
Pending |
Amends the Biometric Privacy Information Act, defines security purpose as the purpose of preventing retail theft, fraud, or any other misappropriation or theft of a thing of value, including protecting property from trespass, controlling access to property, protecting any person from harm, including stalking, violence, or harassment, and assisting a law enforcement investigation, allows a private entity to collect, capture, or otherwise obtain a person's or customer's biometric identifier or biometric. |
Biometrics or Facial Recognition |
|
|
Illinois |
Biometric Information Privacy Act |
Pending |
Amends the Biometric Information Privacy Act, changes the definitions of biometric identifier and written release, defines biometric lock, biometric time clock, electronic signature, in writing, and security purpose, provides that if the biometric identifier or biometric information is collected or captured for the same repeated process, the private entity is only required to inform the subject or receive consent during the initial collection. |
Biometrics or Facial Recognition |
|
|
Illinois |
Reproductive Health Act |
Pending |
Amends the Reproductive Health Act, provides that a health care professional who provides abortion-related care may submit to any governmental agency, person, business, or association a written request that the governmental agency, person, business, or association refrain from disclosing any personal information about the health care professional, provides that if a governmental agency receives a written request from a health care professional, the governmental agency shall not publicly post or display. |
Other Consumer Privacy |
|
|
Illinois |
Biometric Information Privacy Act |
Pending |
Amends the Biometric Information Privacy Act, changes the term written release to written consent, allows written consent to be obtained by electronic means, provides that a person aggrieved by a violation of the act may only commence an action after the aggrieved person provides a private entity 15 days' written notice identifying the specific provisions of the Act the aggrieved person alleges have been or are being violated. |
Biometrics or Facial Recognition |
|
|
Illinois |
Biometric Information Privacy Act |
Pending |
Amends the Biometric Information Privacy Act, requires an aggrieved person to commence an action for a violation of the act within a specified year of the date of the violation or the date on which the aggrieved person discovers the violation. |
Biometrics or Facial Recognition |
|
|
Illinois |
Data Privacy and Protection Act |
Pending |
Creates the Data Privacy and Protection Act, provides that a covered entity may not collect, process, or transfer covered data unless the collection, processing, or transfer is limited to what is reasonably necessary and proportionate, provides that a covered entity and a service provider shall establish, implement, and maintain reasonable policies, practices, and procedures concerning the collection, processing, and transferring of covered data, contains provisions concerning retaliation. |
Comprehensive |
|
|
Illinois |
Keep Internet Devices Safe Act |
Pending |
Creates the Keep Internet Devices Safe Act, provides that no private entity may turn on or enable a digital device's microphone unless the registered account holder or another user that is setting up or configuring the device first agrees to a consumer agreement or privacy notice meeting specified criteria. |
Connected Devices |
|
|
Illinois |
Protect Health Data Privacy Act |
Pending |
Amends the Protect Health Data Privacy Act, provides that a regulated entity shall disclose and maintain a health data privacy policy that, in plain language, clearly and conspicuously disclosures specified information, provides that a regulated entity shall prominently publish its health data privacy policy on its website homepage, provides that a regulated entity shall not collect, share, sell, or store categories of health data not disclosed in the health data privacy policy without first disclosing. |
Other Consumer Privacy; Website Privacy |
|
|
Illinois |
Childrens Privacy Protection and Parental Empowerment |
Pending |
Creates the Children's Privacy Protection and Parental Empowerment Act, provides that a business that provides an online service, product, or feature likely to be accessed by children shall take specified actions, including completing a data protection impact assessment for any online service, product, or feature likely to be accessed by children. |
Children’s Online Privacy |
|
|
Illinois |
Protect Health Data Privacy Act |
Pending |
Creates the Protect Health Data Privacy Act, provides that a regulated entity shall disclose and maintain a health data privacy policy that clearly and conspicuously discloses specified information, sets forth provisions concerning health data privacy policies, provides that a regulated entity shall not collect, share, or store health data, except in specified circumstances, provides that it is unlawful for any person to sell or offer to sell health data concerning a consumer. |
Other Consumer Privacy |
|
|
Illinois |
Biometric Information Privacy Act |
Pending |
Amends the Biometric Information Privacy Act, defines security purpose as a purpose to ensure that a person accessing an online product or service is who they person claims to be or a person identified as a safety concern or as a person violating the terms of use or service of the online product or service can be kept off of or denied access to the product or service. |
Biometrics or Facial Recognition |
|
|
Illinois |
Genetic Information Privacy Act |
Pending |
Amends the Genetic Information Privacy Act, provides that an insurer may not seek information derived from genetic testing for use in connection with a policy of life insurance, provides that an insurer may consider the results of genetic testing in connection with a policy of life insurance if the individual voluntarily submits the results and the results are favorable to the individual, amends the Insurance Code, provides that an insurer must comply with the provisions of the Genetic Information Privacy Act in connection with the amendment, delivery, issuance, or renewal of a life insurance policy; claims for or denial of coverage under a life insurance policy; or the determination of premiums or rates under a life insurance policy. |
Genetic Privacy |
|
|
Illinois |
Genetic Information Privacy Act |
Pending |
Amends the Genetic Information Privacy Act, removes language exempting insurers that are issuing a long-term care policy from specified provisions, regards to any policy, contract, or plan offered, entered into, issued, amended, or renewed on or after Jan. 1, 2024, by a health insurer, life insurer, or long-term care insurer authorized to transact insurance in this state, a health insurer, life insurer, or long-term care insurer. |
Genetic Privacy |
|
|
Illinois |
Right to Know Act |
Pending |
Creates the Right to Know Act, provides that an operator of a commercial website or online service that collects personally identifiable information through the internet about individual customers residing in who use or visit its commercial website or online service shall notify those customers of certain specified information pertaining to its personal information sharing practices, requires an operator to make available certain specified information upon disclosing a customer's personal information. |
Website Privacy |
|
|
Illinois |
Biometric Information Privacy Act |
Pending |
Amends the Biometric Information Privacy Act, changes the definitions of biometric identifier and written release, defines biometric lock, biometric time clock, electronic signature, in writing, and security purpose, provides that if the biometric identifier or biometric information is collected or captured for the same repeated process, the private entity is only required to inform the subject or receive consent during the initial collection. |
Biometrics or Facial Recognition |
|
|
Illinois |
Biometric Privacy Information Act |
Pending |
Amends the Biometric Privacy Information Act, defines security purpose as the purpose of preventing retail theft, fraud, or any other misappropriation or theft of a thing of value, including protecting property from trespass, controlling access to property, protecting any person from harm, including stalking, violence, or harassment, and assisting a law enforcement investigation, allows a private entity to collect, capture, or otherwise obtain a person's or customer's biometric identifier or biometric. |
Biometrics or Facial Recognition |
|
|
Illinois |
Health Data Privacy Act |
Pending |
Creates the Health Data Privacy Act. |
Other Consumer Privacy |
|
|
Illinois |
Minor Online Data Privacy Act |
Pending |
Creates the Minor Online Data Privacy Act, contains only a short title provision. |
Children’s Online Privacy |
|
|
Illinois |
Banking Act |
Pending |
Amends the Banking Act, in provisions concerning customer financial records and confidentiality, provides that the language does not prohibit the furnishing of financial information to the executor, executrix, administrator, or other lawful representative of the estate of a customer, amends the Savings Bank Act, provides that the provisions do not prohibit the furnishing of financial information to the executor, executrix, administrator, or other lawful representative of the estate of a customer. |
Other Consumer Privacy |
|
|
Illinois |
Student Online Personal Protection Act |
Pending |
Amends the Student Online Personal Protection Act, provides that covered information does not include de-identified or aggregate information from which all personally identifiable information of a student has been removed, makes conforming changes, provides that the covered information restrictions shall be included as part of the operator's terms of service agreement, privacy policy, or similar document, removes provisions requiring that if the school maintains a website. |
Children’s Online Privacy |
|
|
Illinois |
Commercial Data Collector Tax Act |
Pending |
Creates the Commercial Data Collector Tax Act, provides that there shall be a monthly excise tax on the collection of the consumer data of individual state consumers by commercial data collectors, which shall be paid to the Department of Revenue and deposited into the general revenue fund, sets forth details regarding the tax to be paid, who qualifies as a consumer for purposes of the tax and alternative methods for collecting the tax, contains provisions concerning required disclosures and rulemaking. |
Information Brokers |
|
|
Indiana |
Consumer Data Protection |
Failed - Adjourned |
Relates to consumer data protection, establishes in the Indiana Code a new article concerning consumer data protection, sets forth definitions of terms that apply throughout the article, sets forth exemptions for certain, persons, and types of information and data from the bill's requirements concerning the personal data of Indiana consumers, sets forth the rights of a consumer with respect to personal data relating to the consumer. |
Comprehensive |
|
|
Indiana |
Consumer Data Protection |
Enacted |
Provides that a consumer may invoke specified rights by submitting to a controller of personal data a request specifying the rights the consumer wishes to invoke, provides that a known child's parent or legal guardian may invoke on behalf of the child one or more rights with respect to the processing of personal data belonging to the known child by submitting to a controller a request specifying the rights the consumer wishes to invoke on behalf of the child. |
Comprehensive |
|
|
Iowa |
Consumer Data Protection |
Failed |
Relates to consumer data protection, provides civil penalties, includes effective date provisions. |
Comprehensive |
|
|
Iowa |
Civil Liability for Material Harmful to Minors |
Pending - Carryover |
Relates to civil liability for commercial entities who publish or distribute material harmful to minors on the internet, provides penalties. |
Other Consumer Privacy |
|
|
Iowa |
Social Media Data Collection Regarding Children |
Pending - Carryover |
Relates to social media data collection regarding children under 18 years of age, provides civil penalties, includes applicability provisions. |
Children’s Online Privacy |
|
|
Iowa |
Consumer Data Protection |
Enacted |
Relates to consumer data protection, provides civil penalties, relates to consumer data rights, provides that a consumer may invoke the consumer rights at any time by submitting a request to the data controller specifying the consumer rights the consumer wishes to invoke, provides that a known child’s parent or legal guardian may invoke such consumer rights on behalf of the known child regarding processing personal data belonging to the child. |
Comprehensive |
|
|
Kansas |
None |
|
|
|
|
|
Kentucky |
Consumer Data Privacy |
Failed - Adjourned |
Establishes consumer rights relating to personal data, includes the rights to confirm whether data is being processed, to delete personal data provided by the consumer, to obtain a copy of the consumer's personal data that was previously provided, and to opt out of targeted advertising and the sale of data, defines terms, sets forth the types of data and the persons or entities to which the statutory provisions do and do not apply. |
Comprehensive |
|
|
Kentucky |
Protection of Minors |
Failed - Adjourned |
Defines terms, establishes a cause of action against any commercial entity that publishes matter harmful to minors on the internet without obtaining age verification, requires removal of personal data following review for access, establishes civil penalties for violations. |
Other Consumer Privacy |
|
|
Kentucky |
Biometric Data |
Failed - Adjourned |
Defines terms, requires a private entity to develop a written policy and retention schedule for the biometric identifiers it collects, creates restrictions on the collection, capture, purchase, or trade of biometric identifiers, requires disclosure of biometric identifier information per individual request, creates a civil cause of action, clarifies statutory construction, acts may be cited as the Biometric Identifiers Privacy Act. |
Biometrics or Facial Recognition |
|
|
Kentucky |
Consumer Data Privacy |
Failed - Adjourned |
Defines various consumer rights related to data collection, requires a data controller to comply with a consumer request to exercise those rights, including confirming whether or not a controller is processing the consumers data and providing the consumer access to his or her data, deleting his or her personal data, and providing a copy of the consumers data that he or she previously provided in a portable and usable format, provides for opting out. |
Comprehensive |
|
|
Kentucky |
Violations of Privacy |
Failed - Adjourned |
Creates a cause of action for introduction of an identification device, restricts use of facial recognition technology and biometric identifiers, creates a cause of action for use of facial recognition technology or biometric identifiers, prohibits the use of facial recognition technology as evidence, proposes a new rule of evidence to make evidence gained from use of facial recognition inadmissible. |
Biometrics or Facial Recognition |
|
|
Louisiana |
Commercial Regulations |
Enacted |
Creates the Secure Online Child Interaction and Age Limitation Act. |
Children’s Online Privacy; Other Consumer Privacy |
|
|
Louisiana |
Consumers and Protection |
Failed - Adjourned |
Provides relative to the protection of data. |
Comprehensive |
|
|
Maine |
Request for Information |
Failed |
Repeals the exception in current law that permits a financial institution or credit union authorized to do business in this state to disclose financial records about a customer without a lawful subpoena, summons, warrant or court order in response to a request for information related to establishing, modifying or enforcing tax liabilities, clarifies that a financial institution or credit union may not disclose records to any federal agency unless the records are disclosed. |
Other Consumer Privacy |
|
|
Maine |
H 1094, Special Session |
Consumer Control Over Sensitive Personal Data |
Pending - Carryover |
Provides for an individual's privacy regarding the collection and use of biometric identifiers of the individual and personal information connected to the biometric identifiers, requires a written release from an individual before a private entity may obtain or use biometric identifiers and requires the private entity to establish a policy for retention and destruction of the biometric identifiers. |
Biometrics or Facial Recognition |
|
Maine |
H 1217, Special Session |
Personal Health Data |
Pending - Carryover |
Protects personal health data. |
Other Consumer Privacy |
|
Maine |
H 1270, Special Session |
Data Privacy and Protection Act |
Pending - Carryover |
Enacts the data privacy and protection act, requires policies, practices and procedures for data privacy, prohibits retaliation for the exercise of a right relating to personal data and prohibits discriminatory practices in the collection, processing or transfer of personal data, relates to civil penalty. |
Comprehensive |
|
Maine |
S 646, Special Session |
Amendment to the Constitution |
Failed |
Proposes an amendment to the state constitution to recognize the right to personal privacy. |
Constitutional Amendment |
|
Maine |
S 807, Special Session |
Consumer Privacy Act |
Pending - Carryover |
Enacts the state consumer privacy act to entitle consumers to certain rights concerning the use of personal data. |
Comprehensive |
|
Maryland |
Biometric Data Privacy |
Failed - Adjourned |
Relates to commercial law, concerns consumer protection, concerns biometric data privacy. |
Biometrics or Facial Recognition |
|
|
Maryland |
Employers Prohibition on Facial Recognition Services |
Failed - Adjourned |
Defining the term "employer" to include state and local governments for the purposes of certain provisions of law that prohibit employers from using facial recognition technology for the purpose of creating a facial template during an applicant's interview for employment without the applicant's consent. |
Biometrics or Facial Recognition |
|
|
Maryland |
Online Consumer Protection and Biometric Data Privacy |
Failed - Adjourned |
Establishes generally the manner in which a controller or a processor may process a consumer's personal data, authorizes a consumer to exercise certain rights in regard to the consumer's personal data, requires a controller of personal data to establish a method for a consumer to exercise certain rights in regards to the consumer's personal data, regulates the use of biometric data by a controller. |
Comprehensive |
|
|
Maryland |
Legally Protected Health Care Information |
Enacted |
Regulates the disclosure of certain information related to legally protected health care by custodians of public records, health information exchanges, and electronic health networks, requires that the regulations adopted by the Maryland Health Care Commission regarding clinical information to be exchanged through the state-designated exchange restrict data of patients who have obtained legally protected health care, establishes the Protected Health Care Commission. |
Other Consumer Privacy |
|
|
Maryland |
Online Products Child Privacy and Protections |
Failed - Adjourned |
Requires a business that offers an online product likely to be accessed by children to complete a certain data protection impact assessment under certain circumstances, prohibits a business from offering a certain online product before completing a data protection impact assessment, requires businesses to document certain risks associated with certain online products, requires certain privacy protections for certain online products, prohibits certain data collection and sharing practices. |
Children’s Online Privacy |
|
|
Maryland |
Consumer Health Data Privacy |
Failed |
Regulates the collection and use of consumer health data by private entities, prohibits a private entity from certain collection and use of certain health data without the consent of the consumer, authorizes consumers to exercise certain rights in regards to the consumers' health data, requires private entities that collect consumer health data to make certain disclosures to consumers, prohibits a private entity that collects health data of a consumer from selling, leasing, or trading the data. |
Other Consumer Privacy |
|
|
Maryland |
Consumer Biometric Data Privacy |
Failed - Adjourned |
Regulates the use of biometric data by private entities, including by requiring certain private entities in possession of biometric data to develop a written policy, made available to the public, establishing a retention schedule and guidelines for permanent destruction of biometric data, authorizes an individual alleging a violation of the act to bring a civil action against the offending private entity, makes a violation of the act an unfair, abusive, or deceptive trade practice. |
Biometrics or Facial Recognition |
|
|
Maryland |
Consumer Protection Online and Biometric Data Privacy |
Failed - Adjourned |
Establishes generally the manner in which a controller or a processor may process a consumer's personal data, authorizes a consumer to exercise certain rights in regard to the consumer's personal data, requires a controller of personal data to establish a method for a consumer to exercise certain rights in regards to the consumer's personal data, regulates the use of biometric data by a controller. |
Comprehensive |
|
|
Maryland |
Consumer Health Data Privacy |
Failed - Adjourned |
Regulates the collection and use of consumer health data by private entities, prohibits a private entity from certain collection and use of certain health data without the consent of the consumer, authorizes consumers to exercise certain rights in regard to the consumer's health data, requires private entities that collect consumer health data to make certain disclosures to consumers, prohibits a private entity that collects health data of a consumer from selling, leasing, or trading the data. |
Other Consumer Privacy |
|
|
Maryland |
Online Products Data Protection Impact Assessment |
Failed - Adjourned |
Requires a business that offers an online product likely to be accessed by children to complete a certain data protection impact assessment under certain circumstances, prohibits a business from offering a certain online product before completing a data protection impact assessment, requires businesses to document certain risks associated with certain online products, requires certain privacy protections for certain online products, prohibits certain data collection and sharing practices. |
Children’s Online Privacy |
|
|
Maryland |
Scanning or Swiping Identification Cards |
Failed - Adjourned |
Prohibits a person from using a scanning device to scan or swipe an identification card or a driver's license of an individual to obtain personal information of the individual, prohibits a person from taking certain actions regarding information collected by scanning or swiping an individual's identification card or driver's license under certain circumstances, provides that a violation of the Act is an unfair, abusive, or deceptive trade practice under the Maryland Consumer Protection Act. |
Other Consumer Privacy |
|
|
Massachusetts |
Information Privacy and Security Act |
Pending |
Relates to the security and the protection of personal information by establishing the Massachusetts Information Privacy and Security Act. |
Comprehensive |
|
|
Massachusetts |
Biometric Information |
Pending |
Protects biometric information. |
Biometrics or Facial Recognition |
|
|
Massachusetts |
Internet Privacy Rights for Children |
Pending |
Relates to internet privacy rights for children. |
Children’s Online Privacy |
|
|
Massachusetts |
Data Privacy Protection Act |
Pending |
Establishes the Massachusetts Data Privacy Protection Act. |
Comprehensive |
|
|
Massachusetts |
Sale of Cell Phone Location Information |
Pending |
Relates to banning the sale of cell phone location information. |
Location Privacy |
|
|
Massachusetts |
Consumer Health Data |
Pending |
Relates to consumer health data. |
Other Consumer Privacy |
|
|
Massachusetts |
Advertising on the Internet |
Pending |
Regulates advertising on the internet. |
Website Privacy |
|
|
Massachusetts |
Student and Educator Data Privacy |
Pending |
Relates to student and educator data privacy. |
Children’s Online Privacy |
|
|
Massachusetts |
Mortgage Applications Privacy |
Pending |
Relates to mortgage applications privacy. |
Other Consumer Privacy |
|
|
Massachusetts |
Personal Data and the Free Movement of Personal Data |
Pending |
Provides for protections in the processing of personal data and the free movement of personal data. |
Comprehensive |
|
|
Massachusetts |
Certain Protected Judicial Officials and their Families |
Pending |
Relates to the public posting or displaying of the personal information of certain protected judicial officials and their family members. |
Information Brokers |
|
|
Massachusetts |
Internet Service Provider Data |
Pending |
Relates to internet service provider data. |
ISP Privacy |
|
|
Massachusetts |
Data Privacy Protection Act |
Pending |
Establishes the Massachusetts Data Privacy Protection Act. |
Comprehensive |
|
|
Massachusetts |
Private Electronic Communication |
Pending |
Protects private electronic communication, browsing and other activity. |
ISP Privacy |
|
|
Massachusetts |
Patient Privacy |
Pending |
Protects patient privacy and prevent unfair and deceptive advertising of pregnancy-related services. |
Other Consumer Privacy |
|
|
Massachusetts |
Consumer Health Data |
Pending |
Relates to consumer health data. |
Other Consumer Privacy |
|
|
Massachusetts |
Personal Biometric Data |
Pending |
Protects personal biometric data. |
Biometrics or Facial Recognition |
|
|
Massachusetts |
Internet Security and Privacy |
Pending |
Ensures internet security and privacy. |
ISP Privacy; Website Privacy |
|
|
Massachusetts |
Information Privacy and Security Act |
Pending |
Establishes the Massachusetts Information Privacy and Security Act. |
Comprehensive |
|
|
Massachusetts |
Student and Educator Data Privacy |
Pending |
Relates to student and educator data privacy. |
Children’s Online Privacy |
|
|
Massachusetts |
Waiting Room Patient Identity and Privacy Protection |
Pending |
Relates to patient identity and privacy protection in waiting rooms. |
Other Consumer Privacy |
|
|
Massachusetts |
Mental Health Impacts of Social Media |
Pending |
Taxes the mental health impacts of social media. |
Information Brokers |
|
|
Massachusetts |
Accountability in the Sale of Personal Data |
Pending |
Increases accountability in the sale of personal data. |
Information Brokers |
|
|
Michigan |
None |
|
|
|
|
|
Minnesota |
Geolocation and Smartphone Monitoring |
Pending - Carryover |
Relates to commerce, prohibits geolocation and smartphone monitoring of another in certain circumstances, provides a cause of action to individuals when geolocation information and other smartphone data has been recorded or shared. |
Location Privacy |
|
|
Minnesota |
Consumer Data Privacy |
Pending - Carryover |
Relates to consumer data privacy, gives various rights to consumers regarding personal data, places data transparency obligations on businesses, creates a private right of action, provides for enforcement by the attorney general. |
Comprehensive |
|
|
Minnesota |
Consumer Data Protection |
Pending - Carryover |
Provides that to safeguard the privacy, confidentiality, security, and integrity of a consumer's genetic data, a direct-to-consumer genetic testing company must take specified actions, including but not limited to providing easily accessible, clear, and complete information regarding the company's policies and procedures governing the collection, use, maintenance, and disclosure of genetic data by making available to a consumer all of the specified information written in plain language. |
Genetic Privacy |
|
|
Minnesota |
Genetic Information |
Pending - Carryover |
Relates to genetic information, modifies existing law on the use of genetic information by government entities, creates new consumer protection law regarding use of genetic information. |
Genetic Privacy |
|
|
Minnesota |
Consumer Data Privacy |
Pending - Carryover |
Relates to consumer data privacy, requires a consumer's consent prior to collecting personal information. |
Comprehensive |
|
|
Minnesota |
Data Privacy |
Pending - Carryover |
Relates to data privacy, establishes neurodata rights, modifies certain crimes to add neurodata elements, provides civil and criminal penalties. |
Other Consumer Privacy |
|
|
Minnesota |
Minnesota Age-Appropriate Design Code Act |
Pending - Carryover |
Provides that a business that develops and provides online services, products, or features that children are likely to access must consider the best interests of children when designing, developing, and providing that online service, product, or feature, provides for civil penalties. |
Children’s Online Privacy |
|
|
Minnesota |
Consumer Data Privacy |
Pending - Carryover |
Relates to consumer data privacy, gives various rights to consumers regarding personal data, places obligations on certain businesses regarding consumer data, provides for enforcement by the attorney general. |
Comprehensive |
|
|
Minnesota |
Data Privacy |
Pending - Carryover |
Relates to data privacy, requires consent before providers share audio or video data with third parties. |
Other Consumer Privacy |
|
|
Minnesota |
Private Data |
Pending - Carryover |
Relates to private data, establishes standards for biometric privacy, establishes a right of action. |
Biometrics or Facial Recognition |
|
|
Minnesota |
Health Care |
Pending - Carryover |
Relates to health care, limits the release of health records in cases related to reproductive health, prohibits certain acts by certain health-related licensing boards, prevents the enforcement of certain judgments related to reproductive health, restricts the enforcement of subpoenas issued in cases related to reproductive health, creates a cause of action for penalties and court costs for lawsuits related to reproductive health. |
Other Consumer Privacy |
|
|
Minnesota |
Geolocation and Smartphone Monitoring |
Pending - Carryover |
Relates to commerce, prohibits geolocation and smartphone monitoring of another in certain circumstances, provides a cause of action to individuals when geolocation information and other smartphone data has been recorded or shared. |
Location Privacy |
|
|
Minnesota |
Consumer Data Privacy |
Pending - Carryover |
Relates to consumer data privacy, requires a consumer's consent prior to collecting personal information. |
Comprehensive |
|
|
Minnesota |
Private Data |
Pending - Carryover |
Relates to private data, establishes standards for biometric privacy, establishes a right of action. |
Biometrics or Facial Recognition |
|
|
Minnesota |
Data Privacy |
Pending - Carryover |
Relates to data privacy, establishes neurodata rights, modifies certain crimes to add neurodata elements, provides civil and criminal penalties. |
Other Consumer Privacy |
|
|
Minnesota |
Consumer Data Protection |
Pending - Carryover |
Relates to consumer data protection, requires direct-to-consumer genetic testing companies to provide disclosure notices and obtain consent. |
Genetic Privacy |
|
|
Minnesota |
Genetic Information |
Pending - Carryover |
Relates to genetic information, modifies existing law on the use of genetic information by government entities, creates new consumer protection law regarding use of genetic information. |
Genetic Privacy |
|
|
Minnesota |
Data Privacy |
Pending - Carryover |
Relates to data privacy, requires consent before providers share audio or video data with third parties. |
Other Consumer Privacy |
|
|
Minnesota |
Health Care Records |
Pending - Carryover |
Relates to health care, limits the release of health records in cases related to reproductive health, prohibits certain acts by certain health-related licensing boards, prevents the enforcement of certain judgments related to reproductive health, restricts the enforcement of subpoenas issued in cases related to reproductive health, creates a cause of action for penalties and court costs for lawsuits related to reproductive health. |
Other Consumer Privacy |
|
|
Minnesota |
Insurance Discounts and Rate Reductions |
Pending - Carryover |
Relates to commerce, authorizes administrative rulemaking, prohibits price gouging, establishes notice requirements, prescribes penalties, modifies provisions governing emergency closures, eliminates certain examination requirements, modifies and adds provisions governing the sale of certain motor vehicles, regulates nonbank mortgage servicers, requires a report, modifies provisions governing life insurance, specifies provisions for third-party payers and dental providers. |
Genetic Privacy |
|
|
Minnesota |
Biennial Budget for the Department of Commerce |
Enacted |
Establishes a biennial budget for Department of Commerce and related activities, adds and modifies various provisions governing health, property, life, homeowners, and automobile insurance, regulates financial institutions, modifies provisions governing financial institutions, provides for certain consumer protections and privacy, establishes civil and criminal penalties, appropriates funds. |
Genetic Privacy |
|
|
Minnesota |
Consumer Data Privacy |
Pending - Carryover |
Relates to consumer data privacy, creates the Minnesota Age-Appropriate Design Code Act, places obligations on certain businesses regarding children's consumer information, provides for enforcement by the attorney general, provides that a business that develops and provides online services, products, or features that children are likely to access must consider the best interests of children when designing, developing, and providing that online service, product, or feature. |
Children’s Online Privacy |
|
|
Minnesota |
Consumer Data Privacy |
Pending - Carryover |
Relates to consumer data privacy, gives various rights to consumers regarding personal data, places obligations on certain businesses regarding consumer data, provides for enforcement by the attorney general. |
Comprehensive |
|
|
Minnesota |
Data Practices |
Pending - Carryover |
Relates to data practices, requires informed consent for collection, use, and dissemination of genetic information, authorizes civil remedies. |
Genetic Privacy |
|
|
Mississippi |
Prohibit Use of Embedded Tech in Terminals to Scan Info |
Failed |
Prohibits certain retailers and retail establishments from using embedded technology programs in self-checkout terminals or self-service checkouts to scan information on a consumer's driver's license to verify the age of consumer attempting to purchase certain items, requires the age verification be performed by an employee of the retail establishment when age verification is necessary to complete a purchase. |
Other Consumer Privacy |
|
|
Mississippi |
Biometric Identifiers Privacy Act |
Failed |
Creates the Biometric Identifiers Privacy Act, provides legislative findings, defines terms relating to biometric identifiers, requires private entities in possession of biometric identifiers to develop a policy that establishes a retention schedule and guidelines for destroying the biometric identifiers of individuals, provides certain requirements and restrictions for private entities that collect biometric identifiers. |
Biometrics or Facial Recognition |
|
|
Mississippi |
Right to Personal Reproductive Decisions |
Failed |
Proposes to amend the state constitution of specified year by creating a new section establishing the right to personal reproductive decisions. |
Constitutional Amendment; Other Consumer Privacy |
|
|
Mississippi |
Consumer Data Privacy Act |
Failed |
Creates the State Consumer Data Privacy Act, authorizes consumers to request that businesses disclose certain information, authorizes consumers to request that businesses delete personal information collected by businesses, requires businesses to disclose certain information to consumers, to inform consumers of their right to request that personal information be deleted, and to delete personal information collected about consumers upon request. |
Comprehensive |
|
|
Mississippi |
Pornographic Media Exposure to Children |
Enacted |
Regulates pornographic media exposure to children, provides the legislative intent, provides definitions, requires commercial entities that provide such content to have age verification systems, provides liability for those commercial entities that do not provide an age verification. |
Other Consumer Privacy |
|
|
Missouri |
Biometric Information Privacy Act |
Failed - Adjourned |
Establishes the Biometric Information Privacy Act. |
Biometrics or Facial Recognition |
|
|
Missouri |
Biometric Information Privacy Act |
Failed - Adjourned |
Establishes the Biometric Information Privacy Act. |
Biometrics or Facial Recognition |
|
|
Missouri |
Protecting the Privacy of Online Customer Information |
Failed - Adjourned |
Establishes provisions relating to protecting the privacy of online customer information. |
ISP Privacy |
|
|
Missouri |
Data Privacy in Public Elementary and Secondary Schools |
Failed - Adjourned |
Creates provisions relating to data privacy in public elementary and secondary schools. |
Children’s Online Privacy |
|
|
Montana |
Health Digital Services and Applications Privacy |
Failed |
Revises health privacy laws, establishes confidentiality standards for digital health care, provides for remedies for noncompliance, provides additional requirements for a mental health digital service, provides definitions. |
Other Consumer Privacy |
|
|
Montana |
Pupil Data Privacy Protections |
Failed |
Revises pupil data privacy protections, relates to communications, relates to information technology, relates to privacy, relates to schools and education. |
Children’s Online Privacy |
|
|
Montana |
Providing Agricultural Data Collection Protections |
Failed |
Concerns the providing agricultural data collection protections, relates to privacy, relates to state revenue. |
Information Brokers |
|
|
Montana |
Right to Privacy |
Enacted |
Defines the right to individual privacy, clarifies that the right of privacy does not include the right to abortion. |
Other Consumer Privacy |
|
|
Montana |
Biometric Data |
Enacted |
Revises privacy laws related to biometric privacy, creates the genetic information privacy act, requires a company to provide consumer information regarding the collection, use, and disclosure of genetic data, provides for limitations and exclusions, provides for enforcement authority. |
Genetic Privacy |
|
|
Montana |
Consumer Privacy Laws |
Enacted |
Establishes the consumer data privacy act, provides definitions, establishes applicability, provides for consumer rights to personal data, establishes requirements and limitations for a controller of personal data, establishes requirements and limitations for a processor of personal data, provides for data protection assessments, provides exemptions and compliance requirements, provides for enforcement. |
Comprehensive |
|
|
Montana |
Internet Laws Related to Material Harmful to Minors |
Enacted |
Provides for liability for the publishing or distribution of material harmful to minors on the internet, provides for reasonable age verification, provides for individual rights of action, provides for attorney fees, court costs, and punitive damages, provides for exceptions, requiring a report by the Department of Justice for enforcement activity, provides for a fee, provides definitions. |
Other Consumer Privacy |
|
|
Nebraska |
Genetic Information Privacy Act |
Pending - Carryover |
Adopts the Genetic Information Privacy Act. |
Genetic Privacy |
|
|
Nebraska |
Protect the Right of Individual Privacy |
Pending - Carryover |
Constitutional amendment to protect the right of individual privacy. |
Constitutional Amendment |
|
|
Nevada |
Internet Privacy |
Failed |
Relates to internet privacy, imposes certain requirements on certain businesses that provide an online service, product or feature that is likely to be accessed by children, exempts certain information and entities from those requirements, provides a civil penalty for violations of those requirements, requires the attorney general to take certain actions before bringing a civil action against a business to recover such a civil penalty under certain circumstances. |
Children’s Online Privacy; Other Consumer Privacy |
|
|
Nevada |
Consumer Data Collection |
Failed |
Establishes provisions governing the collection of the consumer data of Nevada consumers. |
Information Brokers |
|
|
Nevada |
Consumer Health Data |
Enacted |
Relates to data privacy, requires certain entities to develop, maintain and make available on the internet a policy concerning the privacy of consumer health data, prohibits such an entity from collecting or sharing consumer health data without the affirmative consent of a consumer in certain circumstances, requires such an entity to perform certain actions upon the request of a consumer. |
Other Consumer Privacy |
|
|
New Hampshire |
Privacy Rights |
Pending |
Provides that no currency, whether tangible, digital, or otherwise, which inherently compromises privacy by provision of transaction or usage details to any government agency or partner, allows programming of prohibited or mandatory uses, has the ability to block or refuse any lawful transactions, can be connected to any form of credit score, can be programmed with an expiration date, or can be programmed with non-market driven inflation, may be used as legal tender by any entity for any debts in the state. |
Other Consumer Privacy |
|
|
New Hampshire |
Expectation of Privacy |
Pending |
Details a consumer expectation of privacy. |
Comprehensive |
|
|
New Jersey |
Disclosure and Accountability Transparency Act |
Pending |
Relates to state Disclosure and Accountability Transparency Act (DATA), establishes certain requirements for disclosure and processing of personally identifiable information, establishes Office of Data Protection and Responsible Use in Division of Consumer Affairs. |
Comprehensive |
|
|
New Jersey |
DNA Samples and Genetic Information Ownership |
Pending |
Makes DNA samples and genetic information resulting from DNA analysis property of the person sampled or analyzed. |
Genetic Privacy |
|
|
New Jersey |
Internet Subscribers Confidential Personal Information |
Pending |
Requires internet service providers to keep confidential subscriber's personally identifiable information unless subscriber authorizes internet service provider in writing to disclose information. |
ISP Privacy |
|
|
New Jersey |
Mobile Service Provider Third Party Restrictions |
Pending |
Prohibits providers of commercial mobile service and developers of mobile application from disclosing customers global position system data to third parties under certain circumstances. |
Location Privacy |
|
|
New Jersey |
Internet Service Providers |
Pending |
Requires internet service providers to keep confidential subscriber personally identifiable information unless subscriber authorizes internet service provider in writing or email to disclose information, prohibits subscriber penalty. |
ISP Privacy |
|
|
New Jersey |
Commercial Internet Websites Consumer Information |
Pending |
Requires online services to notify consumers of collection and disclosure of personally identifiable information and allows consumers to opt in. |
Website Privacy |
|
|
New Jersey |
Internet Service Providers Confidentiality Requirements |
Pending |
Requires internet service providers to keep confidential and prohibit any disclosure, sale, or unauthorized access to subscriber's personally identifiable information unless subscriber authorizes internet service provider in writing to disclose information. |
ISP Privacy |
|
|
New Jersey |
Consumer Personal Information Protection |
Pending |
Provides that every consumer reporting agency shall, to the extent it is technologically feasible, encrypt the personal information of consumers held by or transferred by the consumer reporting agency. |
Other Consumer Privacy |
|
|
New Jersey |
Microphone Enabled Devices Act |
Pending |
Creates the Microphone Enabled Devices Act, requires user consent before enabling device microphone. |
Connected Devices |
|
|
New Jersey |
Human Trafficking and Child Exploitation Prevention Act |
Pending |
Concerns the Human Trafficking and Child Exploitation Prevention Act, requires internet-connected devices to have blocking capability in certain circumstances. |
Other Consumer Privacy |
|
|
New Jersey |
Provision of Personal Health Information |
Pending |
Prohibits certain entities from requesting or requiring provision of personal health information. |
Other Consumer Privacy |
|
|
New Jersey |
Motor Vehicle Dealer and Personal Information |
Pending |
Requires motor vehicle dealer to delete personal information from motor vehicle computer system prior to resale or lease. |
Other Consumer Privacy |
|
|
New Jersey |
Data Broker Registry |
Pending |
Establishes data broker registry. |
Information Brokers |
|
|
New Jersey |
Childrens Data Protection Commission |
Pending |
Concerns social media privacy and data management for children and establishes New Jersey Children's Data Protection Commission. |
Children’s Online Privacy; Studies, Task Forces, or Commissions |
|
|
New Jersey |
Personal Health Information Acquisitions or Disclosures |
Pending |
Prohibits acquisitions or disclosures of personal health information without consent. |
Biometrics or Facial Recognition; Other Consumer Privacy |
|
|
New Jersey |
Data Brokers Registration |
Pending |
Requires registration of data brokers, prohibits brokering of certain health records. |
Information Brokers |
|
|
New Jersey |
Biometric Identifier Information Collection |
Pending |
Prohibits collection of biometric identifier information by public or private entity under certain circumstances. |
Biometrics or Facial Recognition |
|
|
New Jersey |
Business Biometric Surveillance System Prohibition |
Pending |
Prohibits use of biometric surveillance system by business entity under certain circumstances. |
Biometrics or Facial Recognition |
|
|
New Jersey |
Online Services Consumer Notification |
Pending |
Requires online services to notify consumers of collection and disclosure of personally identifiable information and allows consumers to opt in, defines business as a sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners, that collects consumers' personal information. |
Website Privacy |
|
|
New Jersey |
Personal Health Information |
Pending |
Prohibits certain entities from requesting or requiring provision of personal health information. |
Other Consumer Privacy |
|
|
New Jersey |
Information Technology System Protection Loan |
Pending |
Requires Economic Development Authority to establish program offering low interest loan to certain financial institutions and personal data businesses to protect business's information technology system from customer personal information disclosure. |
Other Consumer Privacy |
|
|
New Jersey |
Mercantile Merchandise Return Regulations |
Pending |
Prohibits retail mercantile establishments from requiring certain consumer identification for return of merchandise. |
Other Consumer Privacy |
|
|
New Jersey |
Consumer Reporting Agencies Information Protection |
Pending |
Requires consumer reporting agencies to increase protection of consumers' personal information. |
Other Consumer Privacy |
|
|
New Jersey |
Individually Identifiable Health Information |
Pending |
Prohibits teaching staff members from inputting information and conversations regarding individually identifiable health information into third party software applications managed by entities engaging in partisan political activity. |
Other Consumer Privacy |
|
|
New Jersey |
Motor Vehicle Computer System |
Pending |
Requires motor vehicle dealer to delete personal information from motor vehicle computer system prior to resale or lease. |
Other Consumer Privacy |
|
|
New Jersey |
Customers Global Position System Data |
Pending |
Prohibits providers of commercial mobile service and developers of mobile application from disclosing customer's global position system data to third parties under certain circumstances. |
Location Privacy |
|
|
New Jersey |
Children Data Protection Commission |
Pending |
Concerns social media privacy and data management for children and establishes the State Children's Data Protection Commission. |
Children’s Online Privacy |
|
|
New Jersey |
Facial Recognition Technology Uses |
Pending |
Prohibits use of facial recognition technology on consumer expect for legitimate safety purpose. |
Biometrics or Facial Recognition |
|
|
New Jersey |
Personal Identifiable Information Disclosures |
Pending |
Regards the New Jersey Disclosure and Accountability Transparency Act (NJ DATA), establishes certain requirements for disclosure and processing of personally identifiable information, establishes Office of Data Protection and Responsible Use in Division of Consumer Affairs. |
Comprehensive |
|
|
New Mexico |
Dissemination of Health Data |
Failed - Adjourned |
Relates to dissemination of certain health data. |
Other Consumer Privacy |
|
|
New Mexico |
Age Appropriate Design Code Act |
Failed - Adjourned |
Relates to the Age-Appropriate Design Code Act. |
Children’s Online Privacy |
|
|
New York |
Multiple Dwelling Law |
Pending |
Relates to the multiple dwelling law and the multiple residence law, relates to the use of smart access systems and the information that may be gathered from such systems, provides that owners or their agents shall provide notice to a tenant or lawful occupant at the time the tenant or lawful occupant signs the lease, or when the smart access system is installed, of the provisions of subdivision two of this section. |
Biometrics or Facial Recognition |
|
|
New York |
Use of a Facial Recognition System by Landlord |
Pending |
Prohibits the use of a facial recognition system by a landlord on any residential premises. |
Biometrics or Facial Recognition |
|
|
New York |
Disclosure of Personal Information by Businesses |
Pending |
Restricts the disclosure of personal information by businesses, provides that a business that retains a customer's personal information shall make available to the customer free of charge access to, or copies of, all the customer's personal information retained by the business. |
Comprehensive |
|
|
New York |
Consent To Collection of Personal Information |
Pending |
Requires express and affirmative consent prior to collection, storage or transmittal of any personal information obtained from the installation or use of a smart home connected system by certain persons. |
Connected Devices |
|
|
New York |
Parental Disclosures by Internet Platforms |
Pending |
Provides that upon request from a verified parent of a minor, an operator service who collects or maintains personal information from or about the user of or visitors to an platform or online service shall, to the extent practicable provide the verified parent with digital or physical copies of all advertisements and other content which the minor was shown by the operator on the operator's platform that were shown solely based on the minor's identifiers. |
Children’s Online Privacy |
|
|
New York |
Biometric Privacy Act |
Pending |
Establishes the biometric privacy act, requires private entities in possession of biometric identifiers or biometric information to develop a written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three years of the individual's last interaction with the private entity, whichever occurs first. |
Biometrics or Facial Recognition |
|
|
New York |
Online Consumer Protection Act |
Pending |
Relates to establishing the online consumer protection act, defines terms, provides that an advertising network shall post clear and conspicuous notice on the home page of its own website about its privacy policy and its data collection and use practices related to its advertising delivery activities, makes related provisions. |
Website Privacy |
|
|
New York |
Disclosure of Personally Identifiable Information |
Pending |
Prohibits the disclosure of personally identifiable information by an internet service provider without the express written approval of the consumer. |
ISP Privacy |
|
|
New York |
Insurer Demands for Personal and Financial Information |
Pending |
Restricts insurers from demanding intrusive personal, financial and tax information from insureds as a standard practice in processing ordinary theft claims where no special circumstances warranting a demand for such information exists. |
Other Consumer Privacy |
|
|
New York |
Retailer Warning Signs of the Tracking of Customers |
Pending |
Requires retailers to post warning signs of the tracking of customers through cell phones or other electronic devices, provides for civil penalties. |
Other Consumer Privacy |
|
|
New York |
General Protection Data Regulation Study |
Pending |
Establishes a commission to study the European Union's general protection data regulation and the current state of cyber security in the state. |
Studies, Task Forces, or Commissions |
|
|
New York |
New York Data Protection Act |
Pending |
Establishes the New York Data Protection Act, requires government entities and contractors to disclose certain personal information collected about individuals. |
Comprehensive |
|
|
New York |
Use of Biometric Identity Verification Devices |
Pending |
Relates to the use of biometric identity verification devices for the purchase of alcoholic beverages and tobacco products, authorizes a licensee, its agent or employee to determine a person's age when purchasing alcoholic beverages or tobacco products by use of a biometric identity verification device, establishes where the use of the device indicates that the person is under the age of 21, the attempted purchase of the alcoholic beverage shall be denied. |
Biometrics or Facial Recognition |
|
|
New York |
Facial Recognition Technology Study Act |
Pending |
Enacts the "facial recognition technology study act" to study privacy concerns and potential regulatory approaches to the development of facial recognition technology. |
Biometrics or Facial Recognition; Studies, Task Forces, or Commissions |
|
|
New York |
Life Insurers |
Pending |
Authorizes life insurers to establish wellness programs, provides that with regard to life insurance, an insurer is prohibited from increasing premiums or charges stated in the policy as a result of participation or non-participation in the program, provides that a wellness program may include, but is not limited to, specified programs or services, including preventative care, screenings, or chronic disease management program and a meditation, sleep improvement or similar program or service. |
Biometrics or Facial Recognition |
|
|
New York |
Critical Energy Infrastructure Security |
Enacted |
Relates to critical energy infrastructure security and responsibility, provides that the Public Service Commission shall have power to provide for management and operations audits of gas corporations and electric corporations, provides that the audit shall include, but not be limited to, an evaluation of customer privacy protections, including but not limited to customer electrical and gas consumption data, provides that customer electric and gas consumption data shall be considered confidential. |
Other Consumer Privacy |
|
|
New York |
Privacy Standards for Electronic Health Products |
Pending |
Creates privacy standards for electronic health products and services, requires consent to be given for the collection and/or sharing of personal health information or other personal data. |
Other Consumer Privacy |
|
|
New York |
Digital Fairness Act |
Pending |
Enacts the Digital Fairness Act, requires any entity that conducts business in New York and maintains the personal information of 500 or more individuals to provide meaningful notice about their use of personal information, establishes unlawful discriminatory practices relating to targeted advertising. |
Comprehensive |
|
|
New York |
State Privacy Act |
Pending |
Enacts the State Privacy Act to require companies to disclose their methods of de-identifying personal information, to place special safeguards around data sharing and to allow consumers to obtain the names of all entities with whom their information is shared. |
Comprehensive |
|
|
New York |
Excise Tax on Collection of Consumer Data |
Pending |
Creates an excise tax on the collection of consumer data by commercial data collectors. |
Information Brokers |
|
|
New York |
Personal Information Collection |
Pending |
Grants a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of third parties with which the information is shared. |
Comprehensive |
|
|
New York |
Child Data Privacy Protection Act |
Pending |
Amends the General Business Law, enacts the State Child Data Privacy Protection Act to prevent the exploitation of children's data, requires data controllers to assess the impact of its products on children for review by the Bureau of Internet and Technology, bans certain data collection and targeted advertising. |
Children’s Online Privacy |
|
|
New York |
Use of Voice Recognition Features |
Pending |
Provides that a person or entity shall not provide the operation of a voice recognition feature within this state without prominently informing, during the initial setup or installation of a connected device, either the user or the person designated by the user to perform the initial setup or installation of the connected device of the functions of the device, that the device may be recording the user, and that the entity that makes the device may be retaining these recordings. |
Connected Devices |
|
|
New York |
Consumers Foundational Data Privacy Rights |
Pending |
Establishes consumers' foundational data privacy rights, creates oversight mechanisms, establishes enforcement mechanisms, establishes the Privacy and Security Victims Relief Fund. |
Comprehensive |
|
|
New York |
Baby Monitors |
Pending |
Prohibits retailers and secondhand dealers from selling, offering for sale, leasing or otherwise making available a baby monitor that broadcasts audio or video through an internet connection unless it includes certain security features to prevent unauthorized access, requires a written warning label. |
Connected Devices |
|
|
New York |
New York Data Protection Act |
Pending |
Amends the general business law, in relation to the management and oversight of personal data, enacts the New York Data Protection Act. |
Comprehensive |
|
|
New York |
Genetic Testing Results |
Pending |
Requires genetic testing results only be received by patients and health care providers providing direct care while health insurance companies only receive a record that the genetic testing was performed, provides insurers cannot require access to genetic testing results and cannot take adverse action against someone for not providing genetic testing results. |
Genetic Privacy |
|
|
New York |
Use of Biometric Surveillance System |
Pending |
Prohibits the use of biometric surveillance system or biometric surveillance information in places of public accommodation, prohibits entering into any agreement that authorizes any third party to use any biometric surveillance system or biometric surveillance information, provides penalties for violations. |
Biometrics or Facial Recognition |
|
|
New York |
New York Health Information Privacy Act |
Pending |
Providing for the protection of health information, provides definitions, provides that all notices, disclosures, forms, and other communications to individuals provided pursuant to this article shall comply with using plain, straightforward language, avoiding technical or legal jargon, and must be provided through an interface regularly used in conjunction with the regulated entity's product or service. |
Other Consumer Privacy |
|
|
New York |
Privacy Act |
Pending |
Relates to the management and oversight of personal data, relates to enacting the New York Privacy Act. |
Comprehensive |
|
|
New York |
Use of Voice Recognition Features on Products |
Pending |
Provides that a person or entity shall not provide the operation of a voice recognition feature within this state without prominently informing, during the initial setup or installation of a connected device, either the user or the person designated by the user to perform the initial setup or installation of the connected device of the functions of the device, that the device may be recording the user, and that the entity that makes the device may be retaining these recordings. |
Connected Devices |
|
|
New York |
Excise Tax on Collection of Consumer Data |
Pending |
Creates an excise tax on the collection of consumer data by commercial data collectors. |
Information Brokers |
|
|
New York |
Use of Electronic or Computerized Entry Systems |
Pending |
Relates to the use of smart access systems and the information that may be gathered from such systems, limits to account information necessary to enable the use of such smart access system, or reference data any smart access system should gathered, prohibits location tracking, including but not limited to satellite location based services, shall be included in any equipment, key, or software provided to users as part of a smart access system. |
Biometrics or Facial Recognition |
|
|
New York |
Digital Fairness Act |
Pending |
Enacts the "Digital Fairness Act," requires any entity that conducts business in New York and maintains the personal information of 500 or more individuals to provide meaningful notice about their use of personal information, establishes unlawful discriminatory practices relating to targeted advertising. |
Comprehensive |
|
|
New York |
Parental Disclosures by Internet Platforms |
Pending |
Discloses to a parent the personal information and content about a minor collected by an operator of an internet platform when a parent requests such information. |
Children’s Online Privacy |
|
|
New York |
Use of Biometric Data for Advertising |
Pending |
Relates to prohibiting private entities from using biometric data for any advertising, detailing, marketing, promotion, or any other activity that is intended to be used to influence business volume, sales or market share or to evaluate the effectiveness of marketing practices or marketing personnel. |
Biometrics or Facial Recognition |
|
|
New York |
Retailer Warning Signs of Tracking of Customers |
Pending |
Requires retailers to post warning signs of the tracking of customers through cell phones or other electronic devices, provides for civil penalties. |
Other Consumer Privacy |
|
|
New York |
Use of a Facial Recognition System by a Landlord |
Pending |
Prohibits the use of a facial recognition system by a landlord on any residential premises. |
Biometrics or Facial Recognition |
|
|
New York |
Personal Information of a Credit or Debit Card Holder |
Pending |
Relates to the personal information of a credit or debit card holder, adds ZIP code, e-mail address and home, cell and work telephone numbers to the personal information protected. |
Other Consumer Privacy |
|
|
New York |
Online Consumer Protection Act |
Pending |
Establishes the Online Consumer Protection Act, defines terms, provides that an advertising network shall post clear and conspicuous notice on the home page of its own website about its privacy policy and its data collection and use practices related to its advertising delivery activities, makes related provisions. |
Website Privacy |
|
|
New York |
Consumer Right to Request Disclosure of Information |
Pending |
Grants a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of third parties with which the information is shared. |
Comprehensive |
|
|
New York |
Disclosure of Personal Information by Businesses |
Pending |
Restricts the disclosure of personal information by businesses, provides that a business that retains a customer's personal information shall make available to the customer free of charge access to, or copies of, all the customer's personal information retained by the business. |
Other Consumer Privacy |
|
|
New York |
Unlawful Use of Driver's License or ID Card |
Pending |
Relates to the unlawful use of a New York driver's license or identification card. |
Other Consumer Privacy |
|
|
New York |
State Child Data Privacy Protection Act |
Pending |
Enacts the New York Child Data Privacy Protection Act to prevent the exploitation of children's data, requires data controllers to assess the impact of its products on children for review by the bureau of internet and technology, bans certain data collection and targeted advertising. |
Children’s Online Privacy |
|
|
New York |
State Data Protection Act |
Pending |
Establishes the State Data Protection Act, requires government entities and contractors to disclose certain personal information collected about individuals. |
Comprehensive |
|
|
New York |
Disclosure of Personally Identifiable Information |
Pending |
Prohibits the disclosure of personally identifiable information by an internet service provider without the express written approval of the consumer. |
ISP Privacy |
|
|
New York |
Privacy Protection Policies on Internet Websites |
Pending |
Relates to privacy protection policies on internet websites, online services, online applications and mobile applications that collect Social Security numbers. |
Website Privacy |
|
|
New York |
Biometric Privacy Act |
Pending |
Establishes the Biometric Privacy Act, requires private entities in possession of biometric identifiers or biometric information to develop a written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three years of the individual's last interaction with the private entity, whichever occurs first. |
Biometrics or Facial Recognition |
|
|
New York |
Sale of Personal Information by ISP |
Pending |
Relates to the sale of personal information by an internet service provider. |
ISP Privacy |
|
|
New York |
Unlawful Possession of a Patient Record |
Pending |
Relates to the unlawful possession of a patient record, makes such offense a class A misdemeanor. |
Other Consumer Privacy |
|
|
New York |
Inherent Right of Each Person to Personal Privacy |
Pending |
Provides that the inherent right of each person to personal privacy shall not be infringed. |
Constitutional Amendment |
|
|
New York |
It's Your Data Act |
Pending |
Establishes the It's Your Data Act for the purposes of providing protections and transparency in the collection, use, retention, and sharing of personal information. |
Comprehensive |
|
|
New York |
Data Economy Labor Compensation and Accountability Act |
Pending |
Enacts the "Data Economy Labor Compensation and Accountability Act," establishes the office of consumer data protection for the purpose of properly safeguarding personal data, imposes a tax on data controllers and data processors required to register with such office. |
Information Brokers |
|
|
New York |
Life Insurers |
To governor |
Authorizes life insurers to establish wellness programs in conjunction with the issuance of life insurance policies, provides for full or partial reimbursement for the cost of a device and associated subscription that can be used to track activity or biometric data, provides for discounts on life insurance and on products or services intended to incent positive behavioral changes. |
Biometrics or Facial Recognition |
|
|
New York |
Entities Providing Electronic Communications Services |
Pending |
Prohibits persons or entities headquartered or incorporated in New York that provide electronic communications services to the public, from producing records that would reveal the identity of the customers using those services, data stored by or on behalf of the customers, the customers' usage of those services, the recipient or destination of communications sent to or from those customers, or the content of those communications. |
ISP Privacy |
|
|
New York |
Regulation of Social Media Companies and Platforms |
Pending |
Relates to the regulation of social media companies and social media platforms, provides for age requirements for the use of social media and parental consent, prohibits certain data collection from social media accounts, limits the hours a minor can have access to social media, establishes penalties for violations. |
Children’s Online Privacy |
|
|
New York |
Use of Biometric Identity Verification Devices |
Pending |
Relates to the use of biometric identity verification devices for the purchase of alcoholic beverages and tobacco products, authorizes a licensee, its agent or employee to determine a person's age when purchasing alcoholic beverages or tobacco products by use of a biometric identity verification device, establishes where the use of the device indicates that the person is under the age of 21, the attempted purchase of the alcoholic beverage shall be denied. |
Biometrics or Facial Recognition |
|
|
New York |
Use of Biometric Surveillance Systems |
Pending |
Prohibits the use of biometric surveillance system or biometric surveillance information in places of public accommodation, prohibits entering into any agreement that authorizes any third party to use any biometric surveillance system or biometric surveillance information, provides penalties for violations. |
Biometrics or Facial Recognition |
|
|
North Carolina |
Pornography Age Verification Enforcement Act |
Pending |
Creates liability for publishers and distributors of material harmful to minors, provides that any commercial entity that knowingly and intentionally publishes or distributes material harmful to minors on the internet from a website that contains a substantial portion of such material shall be subject to civil penalties if the entity fails to perform reasonable age verification methods. |
Other Consumer Privacy |
|
|
North Carolina |
Social Media Addiction |
Pending |
Combats social media addiction by requiring that social media platforms respect the privacy of state users' data and not use a state minor's data for advertising or algorithmic recommendations and makes willful violations of data user privacy an unfair practice under General Statutes. |
Children’s Online Privacy; Studies, Task Forces, or Commissions |
|
|
North Carolina |
Protected Health Information |
Pending |
Enhances protections against the use, disclosure, or sale of protected health information by requiring a notice of data sale or transfer. |
Other Consumer Privacy |
|
|
North Carolina |
Let Parents Choose or Sammy's Law of 2023 |
Pending |
Enacts the Let Parents Choose Protection Act of 2023 to facilitate management of the social media interactions of children. |
Children’s Online Privacy |
|
|
North Carolina |
Consumer Privacy Act |
Pending |
Protects consumers by enacting the Consumer Privacy Act of the state. |
Comprehensive |
|
|
North Dakota |
None |
|
|
|
|
|
N. Mariana Islands |
Not available |
|
|
|
|
|
Ohio |
None |
|
|
|
|
|
Oklahoma |
Privacy of Computer Data |
Pending - Carryover |
Relates to privacy of computer data, enacts the State Computer Data Privacy Act, defines terms, provides for applicability of act to certain businesses that collect consumers' personal information, provides exemptions, prescribes compliance with other laws and legal proceedings, requires act to be liberally construed to align its effects with other laws relating to privacy and protection of personal information, provides for controlling effect of federal law. |
Comprehensive |
|
|
Oregon |
License Brokered Personal Data |
Enacted |
Provides that data broker may not collect, sell or license brokered personal data within this state unless data broker first registers with Department of Consumer and Business Services. |
Information Brokers |
|
|
Oregon |
Attorney General |
Failed |
Requires attorney general to study privacy. |
Studies, Task Forces, or Commissions |
|
|
Oregon |
Hotel Guest Personal Information Disclosure |
Failed |
Prohibits hotelkeeper or innkeeper from requiring qualified victim services program that facilitates reservation or rental of guest room in hotel or inn to disclose personal information of victim of domestic violence, sexual assault or stalking. |
Other Consumer Privacy |
|
|
Oregon |
Proprietors of Electronic Communications Network |
Failed |
Prohibits proprietor of electronic communications network from selling, sharing, transmitting, transferring or otherwise providing to any person information that reveals time and date at which or geographical location in this state from which mobile electronic communication device that resident individual owns, controls or possesses connected to or communicated with proprietor's electronic communications network. |
ISP Privacy; Location Privacy |
|
|
Oregon |
Protected Health Information of Individual |
Failed |
Requires health insurers, state health plans, health care providers and other covered entities to comply with request of individual or personal representative of individual to restrict or opt out of disclosure of protected health information of individual. |
Other Consumer Privacy |
|
|
Oregon |
Online Products Services or Features |
Failed |
Requires business that provides online product, service or feature that child is reasonably likely to access to identify, evaluate and mitigate risks to child from online product, service or feature. |
Children’s Online Privacy; Studies, Task Forces, or Commissions |
|
|
Oregon |
Consumer Personal Data Confirmation |
Enacted |
Permits consumers to obtain from a controller that processes consumer personal data confirmation as to whether controller is processing consumer's personal data and categories of personal data controller is processing, a list of specific third parties to which controller has disclosed consumer's personal data, and a copy of all of consumer's personal data that controller has processed or is processing. |
Comprehensive |
|
|
Oregon |
Personally Identifiable Information of Consumers |
Failed |
Requires person who operates website or online service for commercial purposes that collects consumers' personally identifiable information to develop, maintain and implement data management practices policy and post policy or link to policy prominently on website or online service home page. |
Website Privacy |
|
|
Pennsylvania |
Protection of Certain Personal Data of Consumers |
Pending |
Provides for protection of certain personal data of consumers, imposes duties on controllers and processors of personal data of consumers, provides for enforcement, prescribes penalties, establishes the Consumer Privacy Fund. |
Comprehensive |
|
|
Pennsylvania |
Insurance Data Security |
Enacted |
Relates to regulation of insurers and related persons generally, provides for insurance data security, relates to reserve liabilities, repeals provisions relating to small company exemption and provides for adoption of exemption standards of the NAIC Valuation Manual. |
Other Consumer Privacy |
|
|
Pennsylvania |
Sharing of Reproductive Health Information |
Pending |
Amends the act known as The Insurance Company Law, provides for sharing of reproductive health information. |
Other Consumer Privacy |
|
|
Pennsylvania |
Privacy Transparency |
Pending |
Provides for privacy, transparency and compensation regarding the disclosure of information collected by genetic material testing entities. |
Genetic Privacy |
|
|
Pennsylvania |
Biometric Identifier Information |
Pending |
Provides for a requirement for commercial establishments to disclose the use and collection of biometric identifier information, provides for a private cause of action. |
Biometrics or Facial Recognition |
|
|
Pennsylvania |
Smart Technology Devices |
Pending |
Provides for transparency and disclosure of information collected by smart technology devices, establishes the Smart Technology Disclosure Fund, provides for powers and duties of the Office of Attorney General. |
Connected Devices |
|
|
Pennsylvania |
Consumer Data Privacy |
Pending |
Provides for consumer data privacy, for duties of controllers and for duties of processors, imposes penalties. |
Comprehensive |
|
|
Pennsylvania |
Protection of Pregnant Individuals Information |
Pending |
Provides for protection of pregnant individuals' information, for authorization for disclosure, for data breach and for violation. |
Other Consumer Privacy |
|
|
Pennsylvania |
Protection of Minors on Social Media |
Pending |
Amends Title 50 Mental Health of the Pennsylvania Consolidated Statutes, provides for protection of minors on social media, imposes penalties. |
Children’s Online Privacy |
|
|
Pennsylvania |
Sale of Malt or Brewed Beverages |
Pending |
Amends the act known as the Liquor Code, in licenses and regulations and liquor, alcohol and malt and brewed beverages, provides for sale of malt or brewed beverages by liquor licenses, for wine expanded permits and for retail dispensers' restrictions on purchases and sales. |
Other Consumer Privacy |
|
|
Pennsylvania |
Spirit Expanded Permits |
Pending |
Amends the act known as the Liquor Code, in preliminary provisions, provides for definitions, relates to licenses and regulations and liquor, alcohol and malt and brewed beverages, provides for spirit expanded permits. |
Other Consumer Privacy |
|
|
Pennsylvania |
Student Data Privacy and Protection |
Pending |
Provides that the secretary of education shall designate an individual to serve as the chief data privacy officer within the Department of Education to assume primary responsibility for student data privacy and security policy, provides that an educational entity shall adopt and implement reasonable security policies and procedures to protect educational records and student data to protect information from unauthorized access, destruction, use, modification or disclosure. |
Children’s Online Privacy |
|
|
Puerto Rico |
Charter of Digital Sphere Rights |
Pending |
Establishes the Charter of Digital Rights of Puerto Rico to safeguard the human rights of people in the digital sphere. |
|
|
|
Puerto Rico |
Cyber Privacy Protection Law |
Pending |
Creates the Law for the Protection of Cyber Privacy of Our Children and Young People in order to prohibit any operator, employee or agent of an internet page classified as a social network, as defined herein, from publishing and or disclose personal information of underage users residing in Puerto Rico, beyond the name and city where they reside, without the express consent of the father, mother or guardian with parental authority. |
Children’s Online Privacy |
|
|
Puerto Rico |
Electronic Information Privacy Law |
Pending |
Establishes the Electronic Information Privacy Law to protect the right to privacy of individuals regarding information stored on an electronic device or transmitted to a remote computer service provider. |
ISP Privacy |
|
|
Puerto Rico |
Protection of Data |
Pending |
Relates to Law for the Protection of Data and Information of the Consumer, in order that the consumer must give his informed consent on the collection, use and access of the information that he provides, by virtue of a request by any resident individual of Puerto Rico who establishes a business, legal entity incorporated or organized under the laws of Puerto Rico or of any jurisdiction of the United States, or a foreign corporation that has an office or other fixed location and that operates. |
|
|
|
Puerto Rico |
Law for the Protection of Digital Privacy |
Pending |
Relates to Law for the Protection of Digital Privacy, protects the personal information of consumers and guarantee the right to privacy in the digital age. |
|
|
|
Rhode Island |
State Data Transparency and Privacy |
Pending |
Requires online service providers and commercial websites that collect, store and sell personally identifiable information to disclose what categories of personally identifiable information they collect and to what third parties they sell the information, provides that this would not prohibit the collection or sale of personally identifiable information and would not require the retention or disclosure of personally identifiable information by online service providers or commercial websites. |
Website Privacy |
|
|
Rhode Island |
Disclosure of Confidential Healthcare Information |
Pending |
Amends provisions of law relative to the disclosure of confidential healthcare information and records and the disclosure thereof occurring through electronic means. |
Other Consumer Privacy |
|
|
Rhode Island |
Personal Data and Online Privacy Protection Act |
Pending |
Establishes the Rhode Island Personal Data and Online Privacy Protection Act, provides for the protection of personal data of individuals which is collected by certain commercial enterprises, including persons and enterprises that conduct business in the state, provides that the attorney general would be charged with enforcement of this act. |
Comprehensive; Studies, Task Forces, or Commissions |
|
|
Rhode Island |
Data Transparency and Privacy Protection Act |
Pending |
Provides data privacy protections for the personal identifiable information of State residents. |
Comprehensive |
|
|
Rhode Island |
Use of Facial and Biometric Recognition Technology |
Pending |
Relates to state affairs and government, relates to video lottery games, table games and sports wagering, relates to the Rhode Island consumer protection gaming act, prohibits the use of facial recognition technology and biometric recognition technology in video lottery terminals at pari-mutuel licensees in the state or in online betting applications. |
Biometrics or Facial Recognition |
|
|
Rhode Island |
Data Transparency and Privacy Protection |
Pending |
Provides data privacy protections for the personal identifiable information of Rhode Islanders. |
Comprehensive |
|
|
A. Samoa |
Not available |
|
|
|
|
|
South Carolina |
Pornographic Website Provision |
Pending - Carryover |
Provides definitions, provides that it is unlawful for an operator to make a pornographic website available to persons under the age of 18, provides that the attorney general shall create certain procedures, provides for a private right of action. |
Other Consumer Privacy |
|
|
South Carolina |
Personal Information Collection Prohibition |
Pending - Carryover |
Prohibits the collection of personal information from children by operators of websites, online services, and online or mobile applications and to establish penalties. |
Children’s Online Privacy |
|
|
South Carolina |
Public Utilities Customer Information Disclosure |
Pending - Carryover |
Prohibits natural gas or electric public utilities from disclosing customer information to a third party without the express consent of the customer. |
Other Consumer Privacy |
|
|
South Dakota |
Guardianships and Conservatorship |
Enacted |
Provides that the court must grant an interested person access to some or all of a protected person's medical or financial records if, on the motion of the interested person, the court finds access is in the best interest of the protected person, provides that if the court does not grant access, the court must issue written findings of fact and conclusions of law as to why the medical or financial records access was not granted. |
Other Consumer Privacy |
|
|
South Dakota |
Harmful Material to Minors |
Failed - Adjourned |
Provides liability for the publishing or distributing of material harmful to minors on the internet and the wrongful retention of individually identifiable information. |
Other Consumer Privacy |
|
|
South Dakota |
Medical Cannabis Establishments and Cardholder Data |
Enacted |
Allows medical cannabis establishments to maintain certain cardholder data, provides that a cardholder may, in writing, authorize an establishment to maintain the cardholder's name and other personally identifiable information, for the limited purpose of receiving direct communication regarding the cardholder's individual medical needs or use of a specific product. |
Other Consumer Privacy |
|
|
Tennessee |
Consumer Biometric Data Protection Act |
Pending - Carryover |
Enacts the Consumer Biometric Data Protection Act. |
Biometrics or Facial Recognition |
|
|
Tennessee |
Banks and Financial Institutions |
Pending - Carryover |
Prohibits a financial institution from releasing or providing the account balance or transaction activity of an account to a person without first obtaining the account holder's express permission or without a warrant issued by a judicial officer located in the state. |
Other Consumer Privacy |
|
|
Tennessee |
Consumer Protection |
Enacted |
Enacts the Tennessee Information Protection Act, provides that a consumer may invoke the consumer rights at any time by submitting a request to a controller specifying the consumer rights the consumer wishes to invoke, provides that a controller shall comply with an authenticated consumer request to exercise the right to confirm whether a controller is processing the consumer's personal information and to access the personal information. |
Comprehensive |
|
|
Tennessee |
Genetic Information Privacy Act |
Enacted |
Provides that a direct-to-consumer genetic testing company shall provide to a consumer essential information about the company's collection, use, and disclosure of genetic data and a prominent, publicly available privacy notice that includes information about the company's data collection, consent, use, access, disclosure, transfer, security, retention, and deletion practices and obtain a consumer's initial express consent for collection, use, or disclosure of the consumer's genetic data. |
Genetic Privacy |
|
|
Tennessee |
Consumer Protection |
Pending - Carryover |
Prohibits a business entity from retaining a copy, in an electronic or other format, of a person's identification unless the retention of that copy is specifically required by federal or state law, or the business entity obtains the express consent of the holder of that identification, prohibits a business entity from refusing to transact business with a person solely on the basis that the person refuses to provide express consent to the business entity or its agent, employee, or contractor. |
Other Consumer Privacy |
|
|
Tennessee |
Consumer Protection |
Pending - Carryover |
Relates to Consumer Protection, enacts the Tennessee Information Protection Act. |
Comprehensive |
|
|
Tennessee |
Consumer Protection |
Pending - Carryover |
Enacts the Consumer Biometric Data Protection Act. |
Biometrics or Facial Recognition |
|
|
Tennessee |
DNA and Genetic Testing |
Pending - Carryover |
Prohibits a life insurance provider from canceling a life insurance policy based on genetic information, from requesting or requiring genetic testing as a condition of insurability, and from accessing the genetic data of an individual without consent. |
Genetic Privacy |
|
|
Tennessee |
Consumer Protection |
Pending - Carryover |
Enacts the Genetic Information Privacy Act. |
Genetic Privacy |
|
|
Tennessee |
Consumer Protection |
Pending - Carryover |
Prohibits a business entity from retaining a copy, in an electronic or other format, of a person's identification unless the retention of that copy is specifically required by federal or state law, or the business entity obtains the express consent of the holder of that identification, prohibits a business entity from refusing to transact business with a person solely on the basis that the person refuses to provide express consent to the business entity or its agent, employee, or contractor. |
Other Consumer Privacy |
|
|
Tennessee |
Banks and Financial Institutions |
Pending - Carryover |
Prohibits a financial institution from releasing or providing the account balance or transaction activity of an account to a person without first obtaining the account holder's express permission or without a warrant issued by a judicial officer located in this state. |
Other Consumer Privacy |
|
|
Texas |
Regulation of Personal Data Collection and Use |
Enacted |
Relates to the regulation of the collection, use, processing, and treatment of consumers' personal data by certain business entities, imposes a civil penalty. |
Comprehensive |
|
|
Texas |
Protection of Minors |
Enacted |
Relates to the protection of minors from harmful, deceptive, or unfair trade practices in connection with the use of certain digital services and electronic devices, including the use and transfer of electronic devices to students by a public school. |
Children’s Online Privacy; Other Consumer Privacy |
|
|
Texas |
Use of Social Media Platforms by Children |
Failed - Adjourned |
Relates to prohibiting use of social media platforms by children. |
Children’s Online Privacy; Other Consumer Privacy |
|
|
Texas |
Restricting Access to Pornographic Materials |
Enacted |
Relates to the publication or distribution of sexual material harmful to minors on an internet website, provides a civil penalty. |
Other Consumer Privacy |
|
|
Texas |
Processing and Treatment of Consumers' Personal Data |
Failed - Adjourned |
Relates to the regulation of the collection, use, processing, and treatment of consumers' personal data by certain business entities, imposes a civil penalty. |
Comprehensive |
|
|
Texas |
Use of an Individuals Genetic Data |
Enacted |
Relates to an individual's genetic data, including the use of that data by certain genetic testing companies for commercial purposes and the individual's property right in DNA, authorizing a civil penalty. |
Genetic Privacy |
|
|
Texas |
Restricting Access to Sexual Material Harmful to Minors |
Failed - Adjourned |
Relates to restricting access to sexual material harmful to minors on an internet website. |
Other Consumer Privacy |
|
|
Texas |
Restricting Access to Sexual Material Harmful to Minors |
Failed - Adjourned |
Relates to restricting access to sexual material harmful to minors on an Internet website. |
Other Consumer Privacy |
|
|
Texas |
Minors and Digital Service Provider Agreements |
Failed - Adjourned |
Relates to online agreements between certain minors and certain digital service providers. |
Children’s Online Privacy |
|
|
Texas |
Collection and Use of Biometric Identifiers |
Failed - Adjourned |
Relates to collection and use of biometric identifiers and biometric information. |
Biometrics or Facial Recognition |
|
|
Texas |
Notice of Facial Recognition Technology |
Failed - Adjourned |
Relates to notice of facial recognition technology used by business entities in publicly accessible spaces. |
Biometrics or Facial Recognition |
|
|
Texas |
Personal Identifying Information |
Failed - Adjourned |
Relates to the authority of individuals over the personal identifying information collected, processed, or maintained about the individuals and certain others by certain businesses. |
Other Consumer Privacy |
|
|
Texas |
Regulation of Internet Products Services and Features |
Failed - Adjourned |
Relates to the regulation of internet products, services, and features accessed by children, provides a civil penalty. |
Children’s Online Privacy; Studies, Task Forces, or Commissions |
|
|
Texas |
Smart Devices Collection of Personal Data |
Failed - Adjourned |
Relates to requiring operators of smart devices to provide information to users about the collection of personal data. |
Connected Devices |
|
|
Texas |
Capture and Use of an Individuals Biometric Identifiers |
Failed - Adjourned |
Relates to the capture and use of an individual's biometric identifiers, specimen, or genetic information by a governmental body or peace officer or by a person for commercial purposes, authorizes civil penalties. |
Genetic Privacy |
|
|
Texas |
Protection of Identifiable Student Information |
Failed - Adjourned |
Relates to the protection of personally identifiable student information and the use of covered information by an operator or educational entity, authorizes a civil and administrative penalty. |
Children’s Online Privacy |
|
|
Texas |
Prohibited Report or Disclosure by Health Care Provider |
Failed - Adjourned |
Relates to the prohibited report or disclosure by health care providers of certain health information. |
Other Consumer Privacy |
|
|
Texas |
Smart Devices Collection of Personal Data |
Failed - Adjourned |
Requires operators of smart devices to provide information to users about the collection of personal data. |
Connected Devices |
|
|
Texas |
Websites Containing Sexual Material Harmful to Minors |
Failed - Adjourned |
Relates to requirements for certain internet websites containing sexual material harmful to minors. |
Other Consumer Privacy |
|
|
Texas |
Dissemination of Patient Information |
Failed - Adjourned |
Relates to the dissemination of patient information through a telemedicine, telehealth, or tele-dentistry service. |
Other Consumer Privacy |
|
|
Texas |
Regulation of Third-Party Data Collection Entities |
Enacted |
Relates to the regulation of third-party data collection entities, provides that a data broker that maintains an internet website or mobile application shall post a conspicuous notice on the website or application that, among other things, states that the entity maintaining the website or application is a data broker and is clear, not misleading, and readily accessible by the general public, including individuals with a disability, provides for civil penalties. |
Information Brokers; Website Privacy |
|
|
Texas |
Restricting Access to Sexual Material Harmful to Minors |
Failed - Adjourned |
Relates to restricting access to sexual material harmful to minors on an internet website. |
Other Consumer Privacy |
|
|
Texas |
Free from Governmental Intrusion |
Failed - Adjourned |
Proposes a constitutional amendment establishing the right to be free from governmental intrusion or interference into an individual's private life. |
Constitutional Amendment |
|
|
Utah |
Abuse of Personal Identity Act Amendments |
Enacted |
Amends provisions of the Abuse of Personal Identity Act, allows an individual's lawfully obtained personal information or public data to be used to preview, advertise, or promote the sale of a product, service, or subscription, provided that the use of the personal information or public data does not imply that the individual endorses or approves of the product, service, or subscription. |
Other Consumer Privacy |
|
|
Utah |
Information Privacy Requirements |
Failed |
Creates requirements for a governmental entity that uses a closed loop referral system, enacts requirements that certain entities must follow when obtaining consent to access or share individually identifiable social care information, requires consent to share an individual's individually identifiable social care information, requires a person who collects, processes, shares, or provides individually identifiable social care information to meet certain information privacy and security requirements. |
Other Consumer Privacy |
|
|
Utah |
Motor Vehicle Consumer Data Protection |
Failed |
Enacts provisions related to motor vehicle consumer data protection. |
Other Consumer Privacy |
|
|
Utah |
Social Media Regulation Amendments |
Enacted |
Enacts the Utah Social Media Regulation Act, requires a social media company to verify the age of state residents, requires a social media company to obtain the consent of a parent or guardian before a state resident under a specified age may maintain or open an account, prohibits a social media company from permitting a person to open an account if that person does not meet age requirements under state or federal law, provides for a private right of action. |
Children’s Online Privacy; Other Consumer Privacy |
|
|
Utah |
Education Data Privacy Amendments |
Enacted |
Amends provisions regarding the sharing of student data, prohibits the sharing of certain student data, extends a deadline for the state board regarding data integration with a local education agency, prohibits an education entity from sharing student data with a federal agency, except as required by federal law. |
Children’s Online Privacy |
|
|
Utah |
Online Pornography Viewing Age Requirements |
Enacted |
Creates obligations and liabilities for a commercial entity that provides pornography or other materials harmful to minors, provides that a commercial entity that knowingly and intentionally publishes or distributes material harmful to minors on the internet from a website that contains a substantial portion of such material shall be held liable if the entity fails to perform reasonable age verification methods to verify the age of an individual attempting to access the material. |
Other Consumer Privacy |
|
|
Utah |
Family Planning Data Privacy Amendments |
Failed |
Amends and enacts provisions related to reproductive health data. |
Other Consumer Privacy |
|
|
Vermont |
Legally Protected Health Care Activity |
Enacted |
Relates to civil and criminal procedures concerning legally protected health care activity, exempts cases involving tortious interference with legally protected health care activity from the SLAPP statute, prohibits civil arrest of a person for purposes of abusive litigation concerning legally protected health care activity, establishes a new cause of action regarding tortious interference with legally protected health care activity, prohibits a court from ordering a person to give testimony or statement. |
Other Consumer Privacy |
|
|
Vermont |
Consumer Privacy |
Pending - Carryover |
Relates to enhancing consumer privacy. |
Comprehensive; Studies, Task Forces, or Commissions |
|
|
Vermont |
State Broadband Internet Access Service Privacy Act |
Pending - Carryover |
Relates to the Vermont Broadband Internet Access Service Privacy Act. |
ISP Privacy |
|
|
Vermont |
Genetic Information Privacy and Consumer Health |
Pending - Carryover |
Relates to protecting genetic information privacy and consumer health information. |
Genetic Privacy |
|
|
Vermont |
Minimum Security Standards for Connected Devices |
Pending - Carryover |
Relates to adopting minimum security standards for connected devices. |
Connected Devices |
|
|
Vermont |
Protects Genetic Information Privacy |
Pending - Carryover |
Relates to protecting genetic information privacy and consumer health information. |
Genetic Privacy |
|
|
Virginia |
Consumer Data Protection Act |
Failed |
Relates to Consumer Data Protection Act, relates to protections for children, requires an operator, defined in the bill, to obtain verifiable parental consent prior to registering any child with the operator's product or service or before collecting, using, or disclosing such child's personal data and prohibits a controller from knowingly processing the personal data of a child for purposes of targeted advertising, the sale of such personal data. |
Children’s Online Privacy |
|
|
Virginia |
Health Records Privacy |
Failed |
Relates to health records privacy, relates to consumer-generated health information, requires certain entities that collect, gather, or use consumer-generated health information, defined in the bill, to take reasonable measures to safeguard the such aggregated health data, including adopting technical and organizational measures to ensure that consumer-generated health information is not linked to any individual, household, or device used by an individual or a household. |
Other Consumer Privacy |
|
|
Virginia |
Virginia Consumer Protection Act |
Failed |
Relates to Virginia Consumer Protection Act, relates to personal reproductive or sexual health information, adds obtaining, disclosing, selling, or disseminating certain enumerated personal reproductive or sexual health information without the consent of the consumer as a prohibited practice under the Virginia Consumer Protection Act. |
Other Consumer Privacy |
|
|
Virginia |
Consumer Data Protection Act |
Failed |
Relates to Consumer Data Protection Act, relates to protections for children, requires an operator, defined in the bill, to obtain verifiable parental consent prior to registering any child with the operator's product or service or before collecting, using, or disclosing such child's personal data and prohibits a controller from knowingly processing the personal data of a child for purposes of targeted advertising, the sale of such personal data, or profiling in furtherance of decisions. |
Children’s Online Privacy |
|
|
Virginia |
Abortion or Other Reproductive Health Care Services |
Failed - Adjourned |
Relates to abortion or other reproductive health care services, relates to prohibitions on extradition for certain crimes, relates to prohibited practices under Virginia Consumer Protection Act, provides that no demand for extradition of a person charged with a criminal violation of law of another state shall be recognized by the governor if such alleged violation involves the receipt of or assistance with reproductive health care services unless the alleged violation would also constitute a criminal. |
Other Consumer Privacy |
|
|
Virginia |
Health Records Privacy |
Failed |
Relates to health records privacy, relates to consumer-generated health information, requires certain entities that collect, gather, or use consumer-generated health information, defined in the bill, to take reasonable measures to safeguard the such aggregated health data, including adopting technical and organizational measures to ensure that consumer-generated health information is not linked to any individual, household, or device used by an individual or a household. |
Other Consumer Privacy |
|
|
U.S. Virgin Islands |
None |
|
|
|
|
|
Washington |
Consumer Health Data |
Enacted |
Addresses the collection, sharing, and selling of consumer health data. |
Genetic Privacy |
|
|
Washington |
Charter of Peoples Personal Data Rights |
Pending - Carryover |
Creates a charter of people's personal data rights. |
Comprehensive |
|
|
Washington |
Data Brokers |
Pending - Carryover |
Concerns the registration of business entities that qualify as data brokers. |
Information Brokers |
|
|
Washington |
Digital Privacy Day |
Adopted |
Recognizes digital privacy day. |
Other Consumer Privacy |
|
|
Washington |
Collection Sharing and Selling of Consumer Health Data |
Pending - Carryover |
Addresses the collection, sharing, and selling of consumer health data. |
Genetic Privacy |
|
|
Washington |
Charter of Peoples Personal Data Rights |
Pending - Carryover |
Creates a charter of people's personal data rights. |
Comprehensive |
|
|
West Virginia |
Governmental Access to Financial Records Act |
Enacted |
Provides that a financial institution is prohibited from disclosing a customer’s protected financial information and a governmental entity is prohibited from accessing or obtaining said information, with specified exceptions, provides that a financial institution may disclose a customer’s protected financial information if the customer provides the financial institution with written authorization for said disclosure, provides that the written authorization must contain certain information. |
Other Consumer Privacy |
|
|
West Virginia |
Online Privacy Protection Laws for Children |
Failed - Adjourned |
Provides online privacy protection laws for children. |
Children’s Online Privacy |
|
|
West Virginia |
Online Privacy Protection for Minors |
Failed - Adjourned |
Relates to online privacy protection for minors. |
Children’s Online Privacy |
|
|
West Virginia |
Information Confidentiality and Anti Discrimination Act |
Failed - Adjourned |
Relates to the State Medical Information Confidentiality and Anti-Discrimination Act. |
Other Consumer Privacy |
|
|
West Virginia |
Genetic Information Privacy Act |
Failed - Adjourned |
Relates to the Genetic Information Privacy Act. |
Genetic Privacy |
|
|
West Virginia |
Protection of Minors from Harmful Material on Internet |
Failed - Adjourned |
Relates to the protection of minors from harmful material on internet. |
Other Consumer Privacy |
|
|
West Virginia |
Consumer Data Protection Act |
Failed - Adjourned |
Relates to consumer data privacy, requires privacy for certain identifying personal information, establishes a consumer right to request copy of personal data collected, establishes a consumer right to have personal information deleted or corrected, establishes a consumer right to request personal data sold or shared, establishes a consumer right to opt-out of the sale or sharing of personal information to third parties. |
Comprehensive |
|
|
West Virginia |
West Virginia Consumer Privacy Act |
Failed - Adjourned |
Relates to the enactment of the West Virginia Consumer Privacy Act, providing definitions, provides prohibitions on disclosures or sales of certain consumer financial information, provides for civil remedies, provides for enforcement actions of the attorney general. |
Other Consumer Privacy |
|
|
West Virginia |
Consumer Data Protection Act |
Failed - Adjourned |
Relates to the Consumer Data Protection Act and establishing a framework for controlling and processing personal data in the state. |
Comprehensive |
|
|
West Virginia |
Adoption Records Accessible for Medical Purposes |
Failed - Adjourned |
Relates to adoption and parental rights, establishes a procedure for adopted children to obtain a copy of their original birth certificate and certain personal identifying information regarding their biological parents, establishes a process by which biological parents can consent to providing personal identifying information and medical history to children who have been adopted, allows biological parents to designate a contact preference. |
Other Consumer Privacy |
|
|
Wisconsin |
None |
|
|
|
|
|
Wyoming |
Disclosure of Private Cryptographic Keys |
Enacted |
Prohibits the compelled production of a private key that relates to a digital asset, digital identity or other interest or right, except under specified conditions, defines private key as a unique element of cryptographic data, or any substantially similar analogue, which is held by a person, paired with a unique, publicly available element of cryptographic data, and associated with an algorithm that is necessary to carry out an encryption or decryption required to execute a transaction. |
Other Consumer Privacy |
|
|
Wyoming |
Right of Individual Privacy |
Failed |
Provides for the right of individual privacy. |
Constitutional Amendment |
LexisNexis Terms and Conditions
类别说明
生物识别或面部识别
可能要求私人实体制定关于收集或保留生物特征标识符的书面政策,或者可能要求企业允许消费者选择不销售生物特征信息。一些立法可能仅适用于特定类型的生物特征,例如语音识别或面部识别,或适用于所有类型的生物信息。
儿童在线隐私
通常禁止出于营销目的收集未成年人用户的信息,并要求网站、在线服务或应用程序的运营商删除未成年人的个人信息。(不包括提及纳入《联邦儿童在线隐私保护法》(15 USC 6501等)要求的立法。
综合的
监管企业收集、使用和披露个人数据的广泛立法。例如,提供了特定的消费者权利,如访问、删除或更正不准确信息的权利,以及其他权利和规定。这些法案的全面性可能意味着它们将其他类别包括在这份清单中,即使没有注明。
连接的设备
监管智能扬声器和连接设备,例如,可能禁止在未经所有者同意的情况下收集、使用、存储或共享从连接设备获得的数据。
宪法修正案
提议对该州宪法进行修正,增加一项基本的隐私权。
基因隐私
通过要求在公司收集、使用和共享基因数据之前披露或同意,对直接面向消费者的基因检测公司进行监管。可能禁止保险公司使用消费者基因信息。(不包括禁止基于卫生服务提供者收集的遗传信息进行歧视的立法。)
信息经纪人
可以创建数据代理注册中心和/或监管收集消费者个人信息的第三方数据企业(该企业与消费者没有直接关系)。
ISP隐私
监管电信或互联网服务提供商如何收集或共享消费者数据的立法。
位置隐私
可禁止未经许可转让或出售消费者的地理位置或GPS数据,或禁止向第三方披露客户的地理位置数据。
其他消费者隐私
例如,杂项立法可能要求向消费者披露所收集的个人信息,或仅与特定行业或在线服务的隐私保护有关,等等。
研究、工作组或委员会
要求研究消费者隐私问题或成立工作组、咨询机构、委员会或其他监管、咨询或监督实体的立法。
网站隐私
立法要求收集个人身份信息的商业网站或在线服务的运营商通知客户其个人信息共享做法,或在共享互联网浏览器信息之前需要征得同意。
标签
- 登录 发表评论