MAINE

STATUS: Law

 

Maine has passed arguably one of the strictest internet privacy laws in the country. Signed in early June 2019 and due to go into effect in July 2020, the Act to Protect the Privacy of Online Customer Information will prohibit internet service providers (ISPs) from discriminating against or refusing to provide service to persons who want their data protected. Furthermore, the law would prohibit telecommunications companies from offering discounts or any other types of incentives to customers who do opt to share their data.

 

‹ BACK

MASSACHUSETTS

STATUS: Task Force

 

This proposed law is similar to the CCPA in that it aims to provide the:

 

  • Right to request deletion of collected personal information
  • Right to request a copy of collected personal information
  • Right of notice at or before the point of collection of personal information that is collected and disclosure of purposes
  • Right to opt-out of personal information transfer
  • Ability to obtain reports of personal information up to twice per year
  • Inability of covered businesses to deny goods or services or charge different prices or rates to consumers exercising their opt-out right

 

Additionally, the right to opt out applies to any disclosure of personal information to third parties and contains a complete prohibition on the knowing disclosure of children’s (under the age of 18) personal information. This law would also provide a private right of action for consumers who have suffered a violation of this proposed law.

 

‹ BACK

RHODE ISLAND

STATUS: Bill

 

This proposed law would place more stringent requirements on the collection and retention of consumers’ personal information by a business. This law would apply to all businesses, no matter the location, that collect personal information from Rhode Island residents. Businesses would be required to inform consumers of the categories of information collected and for what purpose prior to the collecting of that information. This law would also grant consumers a private right of action against businesses who commit certain violations of this law.

 

‹ BACK

CONNECTICUT

STATUS: Task force substituted for comprehensive bill
 
Connecticut has a proposed law that would establish a task force focused on consumer privacy. This law would require businesses to disclose the proposed use of any personal information and would give consumers the right to discover what personal information businesses possess and the ability to opt out of the sale of their personal information. It would also create a cause of action and penalties for violations of such requirements.

 

‹ BACK

NEW JERSEY

STATUS: Bill
 
This proposed law would require commercial Internet websites and online services to notify customers of collection and disclosure of personally identifiable information and allows customers to opt out.

 

‹ BACK

NEW YORK

STATUS: Bill
 
This proposed law (S224) focuses on the transparency of the disclosure of personal information without granting the other significant consumer rights. A business is required to make the categories of personal information disclosed to third parties available to customers. This would apply to any person or entity that does business in New York. This proposed law also permits consumers or customers of a business to bring a civil action to recover penalties for violations of the bill. New York also has another proposed law, SB S8641,that adds a private right of action to security violations of S224.

 

‹ BACK

MARYLAND

STATUS: Bill
 
This proposed law requires certain businesses that collect personal information from consumers to provide notices to the consumer at or before the point of collection. It also authorizes a consumer to submit a certain request for information to a certain business that collects the consumer’s personal information and requires a certain business to comply with certain requests for information in a certain manner and within 45 days after receiving a verifiable consumer request.

 

‹ BACK

ILLINOIS

STATUS: Bill

 

Illinois’ proposed bill, the Data Transparency and Privacy Act (HB 3358), is similar to CCPA in that it includes consumer rights to receive notice and opt out of the sale of personal data. However, the bill exempted from the definition of “sale” the use of personal data for advertising; a significant difference.

 

The bill would also provide the right to the consumer to know the approximate number of third parties that received their personal information. Furthermore, the bill defines “de-identified data” to data that could not be used to infer information about consumers.

 

‹ BACK

NORTH DAKOTA

STATUS: Task force substituted for comprehensive bill
 
This proposed law is a broad prohibition on the disclosure of personal information except with explicit consent.

 

‹ BACK

TEXAS

STATUS: Task force substituted for comprehensive bill
 
Texas has two proposed privacy laws in the state legislature. One is the Texas Consumer Privacy Act (TXCPA) and the other is the Texas Privacy Protection Act (TXPPA). The TXCPA would provide Texas consumers with rights to know what information of theirs is being collected, distributed and sold. It would also allows them to opt out of sales and request the deletion of unneeded data. It would also require businesses to be transparent when consumers exercise their rights and provide notices of information privacy operations. TXPPA is more of a GDPR-style restriction-based bill that prohibits a business from collecting or processing information except under certain circumstances.

 

‹ BACK

NEW MEXICO

STATUS: Bill postponed indefinitely
 
This proposed law would establish that consumers have a right to request from a business the kind of information collected or sold by that business. In addition, businesses would also have to notify consumers about the information they’re collecting and allow people to opt out. Furthermore, if someone stole consumer information from that business the consumer would have the right to file a lawsuit and recover damages, in some circumstances. Should this law be passed, it would be called the Consumer Information Privacy Act.

 

‹ BACK

WASHINGTON

STATUS: Bill postponed indefinitely
 
This proposed law allows consumers the right to access their data and know where it has been sold. Consumers would also be able to correct inaccurate information, delete personal information, and object to its use in direct marketing.

 

‹ BACK

NEVADA

STATUS: Law
 
Nevada’s passed privacy law, SB 220, requires website services and online services operators to post a notice on their website regarding their privacy practices and provide consumers the ability to provide a designated request address – such as email, toll-free number or website – for receipt of opt-out requests by consumers. The operators must then respond to the opt-out request within 60 days of receipt.

 

‹ BACK

CALIFORNIA

STATUS: Law

 

The California Consumer Privacy Act gives California consumers new privacy rights including:

  • Right to know all data collected by a business about you.
  • Right to say no to the sale of your information
  • Right to sue companies who collected your data and then that data was stolen due to a data breach or because the company was careless or negligent about how it protected your data.
  • Right to delete data you have posted.
  • Right not to be discriminated against if you tell a company not to sell your personal information.
  • Right to be informed of what data will be collected about you prior to its collection or at the point in time of collection as well as to be informed of any changes to the collection of your data.
  • Mandated opt-in before sale of the information of children under the age of 16.
  • Right to know with what third parties your data is shared.
  • Right to know the sources from which your data was required.
  • Right to know the purpose for which you information as collected and will be used.
  • Right to statutory damages between $100 and $750 for certain data breaches.

 

‹ BACK

HAWAII

STATUS: Bill

 

This bill would prohibit the sale of geolocation and internet browser data without consent. It would also amend provisions relating to electronic eavesdropping law and more.

‹ BACK

LOUISIANA

STATUS: Task force substituted for comprehensive bill

 

This bill requests the Southern University Law Center to establish a task force to study the effects of the sale of consumer personal information by internet access service providers, social media companies, search engines, websites, and other providers of online services.

‹ BACK

MINNESOTA

STATUS: Bill

 

Minnesota has proposed a privacy law that requires controllers to provide, correct or restrict personal data processing upon consumer request. Controllers would be required to provide privacy notice and document risk assessment and the attorney general would have enforcement authority.

‹ BACK

PENNSYLVANIA

STATUS: Bill postoned indefinitely

 

Pennsylvania’s proposed consumer privacy bill would include provisions such as:

  • comprehensive definition of personal information
  • protecting biometric information and geolocation data
  • protecting personally identifying information such as names, addresses, Social Security numbers, etc.
‹ BACK

FLORIDA

STATUS: Bill postponed indefinitely

 

This bill has been introduced to the Florida senate and would require the right to opt out as well as require that a consumer be notified when their information is being collected and sold.

 
‹ BACK

ARIZONA

STATUS: Bill

 

Two bills have been introduced in Arizona, one in the senate (SB 1614) and one in the house (HB 2729). Both bills introduce the right of access, right to deletion and the right to opt out. However, there are some differences between them as well.

‹ BACK

NEBRASKA

STATUS: Bill

 

The Nebraska Consumer Data Privacy Act would require that consumers be provided the right to deletion, right to opt-out, be notified if their information is being sold, and more.

‹ BACK

WISCONSIN

STATUS: Bill postponed indefinitely

 

The Wisconsin Data Privacy Act includes three parts: 

  • AB 870 relates to consumer access to personal data processed by a controller and provides penalty

  • AB 871 relates to the deletion of consumer personal data and provides penalty

  • AB 872 relates to restricting controllers from user consumer personal data and provides penalty

‹ BACK

MISSISSIPPI

STATUS: Bill postponed indefinitely

 

The Mississippi Consumer Privacy Act would provide consumers with the right to deletion, right of portability, right to opt-out, and more.

‹ BACK

NEW HAMPSHIRE

STATUS: Bill

 

New Hampshire has two bills in the house that address privacy. One is concerning the expectation of privacy (HB 1236) and the other addresses the collection of personal data by businesses (HB 1680).

‹ BACK

VIRGINIA

STATUS: Bill

 

The Virginia Privacy Act requires companies to provide consumers with the right to access their data, the right of deletion, the right to opt-out, and more.

‹ BACK

SOUTH CAROLINA

STATUS: Bill

 

The South Carolina Biometric Data Privacy Act would provide consumers with rights such as:

 

  • The right of access to data

  • Right of deletion

  • Right to opt-out

 

And more.

 
‹ BACK