|
Alabama
|
H 21
|
Genetic Testing Companies
|
Enacted
|
Requires genetic testing companies to protect the confidentiality of the genetic information of the customers and acquire customer consent for certain uses of the genetic information; requires customer consent for certain uses by genetic testing companies of genetic information; provides a civil penalty for violations of this act to be enforced by the attorney general.
|
Genetic Privacy
|
|
Alabama
|
H 164
|
Consumer Protection
|
Enacted
|
Relates to consumer protection; provides legislative findings; provides definitions; provides age-verification requirements for the distribution of sexual material harmful to minors through certain adult websites, applications, and digital and virtual platforms; prohibits the retention of certain personally identifying information; assesses an additional tax on the gross proceeds received through sales, distribution, memberships, subscriptions, and performances of material deemed harmful.
|
Other Consumer Privacy
|
|
Alabama
|
H 451
|
Location Monitoring Data
|
Failed - Adjourned
|
Relates to location monitoring; provides for location monitoring data in certain circumstances; and provides for location monitoring services contracts.
|
Location Privacy
|
|
Alabama
|
S 213
|
Data Brokers Requirement and Registration
|
Failed - Adjourned
|
Relates to data privacy; requires consumer data brokers to publicly state certain information; requires data brokers to register with the secretary of state; requires that data brokers protect data using specified security measures; provides civil and criminal penalties for violations.
|
Information Brokers
|
|
Alaska
|
H 215
|
Constitution of the State of Alaska Privacy
|
Failed - Adjourned
|
Relates to the definition of privacy in the Constitution of the state of Alaska. Adds a new section to include specific acts not protected under right to privacy.
|
Constitutional Amendment
|
|
Alaska
|
H 254
|
Publishing Pornography Liability
|
Failed - Adjourned
|
Requires a commercial entity that intentionally publishes or distributes pornography on the internet from an internet website that contains a substantial portion of pornography to use a commercially reasonable age verification method to verify that a person attempting to access the pornography is 18 years of age or older. A commercial entity that violates this requirement is liable to an individual for damages resulting from a minor accessing the pornography.
|
Other Consumer Data Privacy
|
|
Arizona
|
H 2586
|
Harmful Website Content and Age Verification
|
Vetoed
|
Relates to harmful website content; relates to age verification.
|
Other Consumer Privacy; Children's Online Privacy
|
|
Arizona
|
H 2858
|
Social Media Protections and Minors
|
Failed - Adjourned
|
Relates to social media protections; relates to minors. Requires social media platforms that are easily accessible to minors to opt out of the collection and use of minor's personal information and prohibit the use of collected from minors to be used for targeted marketing.
|
Children's Online Privacy
|
|
Arizona
|
S 1051
|
Location Tracking Applications and Disabling Prohibited
|
Failed - Adjourned
|
Relates to location tracking applications on minors’ electronic communication devices and disabling specific functions prohibitions.
|
Location Privacy
|
|
Arizona
|
S 1609
|
Health Care Cost Containment System Administration
|
Enacted
|
Reviews and minimizes duplicative paperwork requirements for and limits the number of contractors and entities that unnecessarily receive personal health information of members with serious mental illness who are receiving services. Prohibits contracted housing program administrators from selling or sharing any member's personal health information.
|
Other Consumer Privacy
|
|
Arkansas
|
None
|
|
|
|
|
|
California
|
A 801
|
Student Privacy: Online Personal Information
|
Enacted
|
Relates to the California Consumer Privacy Act, the Early Learning Personal Information Protection Act, and the Student Online Personal Information Protection Act. Requires an operator of specified websites, online services and applications, or mobile applications to delete a preschool, prekindergarten, or K-12 pupil's covered information under the operator's control that is not subject to the CCPA if the pupil's guardian, education rights holder, or the pupil requests an operator to delete the information.
|
Children's Online Privacy
|
|
California
|
A 1008
|
California Consumer Privacy Act of 2018: Personal Info
|
Enacted
|
Amends the California Consumer Privacy Act of 2020. Specifies that personal information can exist in various formats.
|
Comprehensive
|
|
California
|
A 1824
|
California Consumer Privacy Act of 2018: Opt-Out Right
|
Enacted
|
Amends the California Consumer Privacy Act of 2018. Requires a business to which another business transfers the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the transferee assumes control of all or part of the transferor to comply with a consumer's opt out direction to the transferor.
|
Comprehensive
|
|
California
|
A 1949
|
California Consumer Privacy Act of 2020: Collection
|
Vetoed
|
Amends the California Consumer Privacy Act. Prohibits a business from selling or sharing the personal information of a consumer if the business has actual knowledge that the consumer is less than 18. Prohibits a business from selling or sharing the personal information of a consumer over 13, but less than 18, unless the consumer, or the consumer's parent or guardian, has affirmatively authorized the sale or sharing of the consumer information. Requires the attorney general to adopt certain regulations.
|
Children's Online Privacy; Comprehensive
|
|
California
|
A 1971
|
Administration of Standardized Tests
|
Enacted
|
Prohibits an operator of an internet website, online service, online application, or mobile application with actual knowledge that the site, service, or application is used primarily for K-12 school purposes from selling a student's information. Prohibits a national assessment provider from knowingly doing certain things with respect to its administration of, or publishing or distributing the scores with respect to, a standardized test.
|
Children’s Online Privacy; Other Consumer Privacy; Website Privacy
|
|
California
|
A 2529
|
Social Media Platforms: Video Games: Minors
|
Failed - Adjourned
|
Prohibits a social media platform or video game from collecting the personal information of a minor unless otherwise required by law to do so. Defines minor.
|
Children's Online Privacy; Other Consumer Privacy
|
|
California
|
A 2741
|
Rental Car Companies: Electronic Surveillance
|
Enacted
|
Provides that existing law authorizes a rental company to activate electronic surveillance technology if the rental vehicle has not been returned following 72 hours after the contracted return date or by 72 hours following the end of an extension of that return date. Amends current law to decrease the time that a rental company must wait before activating the technology. Specifies that the oral advisement shall be made if the transaction is completed in person or by telephone.
|
Location Privacy
|
|
California
|
A 2877
|
California Consumer Privacy Act of 2018
|
Failed - Adjourned
|
Prohibits, except if certain conditions are met, a developer from using the personal information of a consumer less than a certain age to train or fine-tune an AI system or service unless the consumer or their parent or guardian has affirmatively authorized that use of the consumer's personal information. Requires a developer to deidentify and aggregate the personal information subject to the authorization before using the personal information.
|
Children's Online Privacy
|
|
California
|
A 3048
|
California Consumer Privacy Act of 2018
|
Vetoed
|
Prohibits a business from developing or maintaining a browser that does not include a setting that enables a consumer to send an opt-out preference signal to businesses with which the consumer interacts through the browser. The bill would authorize the California Privacy Protection Agency to adopt regulations as necessary to implement and administer those provisions, including to update the definitions of "browser" and "mobile operating system" to address changes in technology, data collection, obstacles to implementation, or privacy concerns.
|
Comprehensive; Website Privacy
|
|
California
|
A 3124
|
Internet Websites: Personal Information
|
Failed - Adjourned
|
Prohibits a business from making covered personal information publicly available on its internet website. Requires a business that sells personal information through an internet website to retain identifying information of the customer that purchases that personal information and to make that identifying information available upon request to the subject of the personal information purchased by the customer. Provides a civil penalty for violations.
|
Comprehensive
|
|
California
|
A 3139
|
Data Privacy: Vehicle Manufacturers: Remote Vehicle
|
Failed - Adjourned
|
Provides that existing law provides various protections to persons who are escaping from actual or threatened domestic violence, sexual assault, stalking, human trafficking, and other abuse. Requires a vehicle manufacturer that offers a vehicle for sale, rent, or lease in the state that includes remote vehicle technology to ensure that the remote vehicle technology can be immediately manually disabled by a driver of the vehicle while that driver is inside the vehicle. Defines survivor and covered act.
|
Other Consumer Privacy
|
|
California
|
A 3204
|
Data Digesters Registration Act
|
Failed - Adjourned
|
Requires data digesters to register with the California Privacy Protection Agency, pay a registration fee, and provide specified information. Prescribes penalties for a failure to register as required by these provisions. Requires the agency to create a page on its internet website where this registration information is accessible to the public and creates the Data Digester Registry Fund. Defines various terms and incorporates specified definitions provided in the California Privacy Rights Act.
|
Information Brokers
|
|
California
|
A 3286
|
California Consumer Privacy Act of 2018
|
Enacted
|
Amends the California Consumer Privacy Act of 2018 (CCPA). The bill removes that responsibility from the attorney general and would instead require the agency to determine and apply the percentage change in the Consumer Price Index for the monetary thresholds, as prescribed. Authorizes specified uses of money in the Consumer Privacy Fund to offset any costs incurred by the state courts in connection with actions brought to enforce the CCPA.
|
Comprehensive
|
|
California
|
S 1000
|
Connected Devices: Device Protection Requests
|
Failed - Adjourned
|
Relates to restraining orders to prevent abuse. Requires an account manager to terminate or disable a covered device or account access to a perpetrator commencing no later than a specified number of days after a device protection request is submitted to the account manager by a survivor of that perpetrator. Specifies the requirements for a survivor to submit a device protection request and the requirements for account managers to make the request available, subject to specified exceptions.
|
Location Privacy; Connected Devices
|
|
California
|
S 1027
|
Political Reform Act of 1974: Disclosures
|
Enacted
|
Provides that the Political Reform Act of 1974 provides for the comprehensive regulation of campaign financing, including requiring the reporting of campaign contributions. Authorizes a campaign committee to redact the bank account number on a copy of a statement of organization filed with a local filing officer. Requires the secretary of state to redact the bank account number on a statement of organization filed with the secretary of state before making the statement available to the public in any form.
|
Other Consumer Privacy
|
|
California
|
S 1076
|
Data Brokers: Accessible Deletion Mechanism
|
Failed - Adjourned
|
Amends the California Consumer Privacy Act of 2018 (CCPA) to imposes additional requirements on the accessible deletion mechanism regarding authorized agents.
|
Comprehensive; Information Broker
|
|
California
|
S 1223
|
Consumer Privacy: Sensitive Personal Information
|
Enacted
|
Amends the California Consumer Privacy Act. Defines sensitive personal information to include a consumer's neural data. Defines neural data to mean information that is generated by measuring the activity of a consumer's central or peripheral nervous system, and that is not inferred from nonneural information.
|
Comprehensive; Health; Other Consumer Privacy
|
|
California
|
S 1250
|
Privacy: Genetic Testing: Newborn Screening
|
Failed - Adjourned
|
Expands requirements of the Genetic Information Privacy Act to the state Newborn Screening Program beginning on specified date.
|
Genetic Privacy
|
|
California
|
S 1371
|
Alcoholic Beverage Control: Proof of Age
|
Enacted
|
Provides that the Alcoholic Beverage Control Act subjects a licensee to criminal prosecution and suspension or revocation of licensure if the licensee sells alcoholic beverages to any person under 21. Makes the use of a biometric system a defense to any criminal prosecution or proceedings against the licensee. Requires the system to be based upon a review of bona fide evidence of majority and identity of a person and that verifies and authenticates the validity of that evidence.
|
Biometrics or Facial Recognition
|
|
California
|
S 1377
|
Privacy
|
Failed - Adjourned
|
Amends the Consumer Privacy Act of 2018.
|
Comprehensive
|
|
California
|
S 1394
|
Access to Connected Vehicle Service
|
Enacted
|
Relates to protections for persons who are escaping domestic violence, sexual assault, stalking, and other abuse. Requires a covered provider to provide, in a vehicle manufactured on or after the specified date, that has connected vehicle location access a mechanism that can be used by a driver who is inside a vehicle to immediately disable access. Applies such provisions to vehicles manufactured prior to the specified date that have location access and have the capability to receive software updates.
|
Connected Devices; Location Privacy
|
|
California
|
S 1444
|
Let Parents Choose Protection Act of 2024
|
Failed - Adjourned
|
Relates to online privacy rights for minors. Requires the Department of Technology to issue guidance for large social media providers and third-party software providers regarding the implementation and maintenance of technical standards to protect minor user data. Requires a third-party safety software provider receiving any data pursuant to these provisions to at least annually enlist a qualified independent auditing firm to audit its privacy, security, and legal compliance.
|
Children's Online Privacy
|
|
California
|
SCR 94
|
Data Privacy Week and Day
|
Adopted
|
Designates the fourth week of January as Data Privacy Week and the last Sunday of January as Data Privacy Day.
|
|
|
Colorado
|
H 1058
|
Privacy Act
|
Enacted
|
Amends the state Privacy Act; expands the definition of sensitive data to include biological data; provides that biological data includes neural data, which is information that concerns the activity of an individual’s central or peripheral nervous systems and that can be processed by or with the assistance of a device.
|
Comprehensive; Health
|
|
Colorado
|
H 1130
|
Privacy of Biometric Identifiers Data
|
Enacted
|
Amends the state Privacy Act; provides that a controller that controls or processes one or more biometric identifiers shall adopt a written policy that, among other things, establishes a retention schedule for biometric identifiers and biometric data and includes a protocol for responding to a data security incident that may compromise the security of biometric identifiers or biometric data, including a process for notifying a consumer when the security of the consumers identifier or data has been breached.
|
Comprehensive; Biometrics or Facial Recognition
|
|
Colorado
|
H 1468
|
Artificial Intelligence Impact Task Force
|
Enacted
|
Concerns the creation of the Artificial Intelligence Impact Task Force; modifies definitions; provides membership duties; provides compensation; provides staff support. Requires the task force to develop recommendations related to the use of facial recognition services and biometric technology.
|
Biometrics or Facial Recognition
|
|
Colorado
|
S 11
|
Online Facilitated Misconduct and Remote Tracking
|
Enacted
|
Concerns measures to increase protection from harm caused using technology; requires an online dating service to have a safety policy that includes certain elements; provides that it is a deceptive trade practice if a service does not have a compliant safety policy. Creates penalties for tracking a person, unauthorized, with a tracking device.
|
Location Privacy
|
|
Colorado
|
S 41
|
Privacy Act
|
Enacted
|
Adds data protections for a minor's online activity; provides that ongoing advances in technology have produced exponential growth in the volume and variety of personal data from individuals, including minors, being generated, collected, stored, and analyzed and these advances present both promise and potential peril; provides minors the right to control their personal data.
|
Children's Online Privacy
|
|
Colorado
|
S 129
|
Nonprofit Member Data Privacy Public Agencies
|
Enacted
|
Concerns protecting the privacy of persons associated with nonprofit entities; prohibits public agencies from taking certain actions relating to the collection and disclosure of data that may identify such persons.
|
Other Consumer Privacy
|
|
Colorado
|
S 158
|
Social Media Companies
|
Failed - Adjourned
|
Requires that a social media company must post published policies for each of its platforms, and must post any updates to the policies; provides that such policies must include, among other things, contact information that allows a user to ask the company questions about the published policies; prohibits a social media company from, among other things, alerting a user to the fact that a law enforcement agency is investigating the users activity and account; appropriates funds to the Department of Law.
|
Other Consumer Privacy
|
|
Connecticut
|
H 5146
|
Disclosures of Financial Records
|
Enacted
|
Provides that a financial institution shall disclose financial records concerning a customer in response to a certificate signed by the commissioner of social services, or any person deputized by said commissioner, not later than a specified number of days after the financial institution receives such certificate; provides that any officer or employee of a financial institution who knowingly and willfully furnishes financial records in violation of the banking law shall be guilty of a class C misdemeanor.
|
Other Consumer Privacy
|
|
Connecticut
|
S 3
|
Consumer Protection
|
Failed - Adjourned
|
Requires certain broadband internet access service providers to provide affordable broadband internet access service, require certain fee disclosures and prohibit deceptive and excessive fees for consumer goods and services, prohibit public entities from purchasing or operating certain small unmanned aircraft systems, impose various requirements concerning connected devices, require net neutrality by imposing requirements on certain broadband Internet access service providers, regulate streaming service billing practices, and impose various requirements concerning repairs of electronic or appliance products. Prohibits connected device manufacturer, or a person who enters a contract with a connected device manufacturer, to use or sell any recording collected through operation of a voice recognition feature for advertising purposes.
|
Biometrics; Connected Devices; Other Consumer Privacy
|
|
Delaware
|
H 154
|
Delaware Personal Data Privacy Act
|
Enacted
|
Relates to personal data privacy and consumer protection; provides that a consumer has the right to, among other things, confirm whether a controller is processing the consumer's personal data and access such personal data, unless such confirmation or access would require the controller to reveal a trade secret.
|
Comprehensive
|
|
Delaware
|
H 286
|
The Ericka Byler Act
|
Enacted
|
Provides that a person engaged in the business of life insurance may not take certain actions based solely on any genetic characteristic or genetic information contained in the result of any genetic test, including, among other things, denying, refusing to issue, renew or reissue, canceling, or terminating an insurance policy or restricting coverage; provides that a person engaged in the business of life insurance may not require or request that an individual or a family member take a genetic test.
|
Genetic Privacy
|
|
Delaware
|
H 359
|
Data Privacy and Consumer Protection
|
Failed - Adjourned
|
Expands the protections offered to consumers under the Delaware Personal Data Privacy Act to also include by state government.
|
Other Consumer Privacy
|
|
District of Columbia
|
B 930
|
Consumer Health Information Privacy Protection
|
Pending
|
Requires regulated entities that collect consumer health data to have a consumer health data privacy policy containing specific information about its collection, use and sharing of consumer health data and post it on the home page of their website, to prohibit regulated entities from contracting with processors, affiliates, or third parties to process consumer health data in a manner inconsistent with the policy. Defines "publicly available information” does not include any biometric data collected about a consumer by a business without the consumer’s consent.
|
Other Consumer Privacy
|
|
Florida
|
H 1
|
Social Media Use for Minors
|
Vetoed
|
Requires certain social media platforms to prohibit certain minors from creating new accounts and to verify the age of account holders; specifies the age verification methods the social media platform is required and authorized to offer; authorizes the Department of Legal Affairs to bring actions for knowing or reckless violations under the Florida Deceptive and Unfair Trade Practices Act.
|
Children's Online Privacy
|
|
Florida
|
H 3
|
Online Access to Materials Harmful to Minors
|
Enacted
|
Provides that a commercial entity that knowingly and intentionally publishes or distributes material harmful to minors on a website or application, if the website or application contains a substantial portion of material harmful to minors, must use either anonymous age verification or standard age verification to verify that the age of a person attempting to access the material is a certain age or older and prevent access to the material by a person younger than a certain age; provides for civil penalties.
|
Children's Online Privacy; Other Consumer Privacy
|
|
Florida
|
H 401
|
Tracking Devices and Applications
|
Failed
|
Relates to tracking devices and applications; prohibits the placement or use of a tracking device or tracking application to determine the location or movement of another person or another person's property without that person's consent; provides for criminal penalties.
|
Location Privacy
|
|
Florida
|
S 504
|
Sale of a Deceased Human Body’s Biometric Data
|
Failed
|
Provides disciplinary grounds for the sale of a deceased human body's biometric data under certain circumstances; provides disciplinary grounds for a funeral establishment that fails to provide a legally authorized person with specified disclosures regarding the sale of a deceased human body's biometric data or fails to provide a legally authorized person with the option to opt out of such a sale.
|
Biometrics or Facial Recognition
|
|
Florida
|
S 740
|
Parental Rights and Mobile Location Tracking Act
|
Failed
|
Relates to wireless services provider automatic location identification information; authorizes a parent or person with legal custody of a child and a guardian of a ward to access a child's or ward's automatic location identification information under certain circumstances; requires a wireless services provider to provide to a parent, person with legal custody, or guardian the automatic location identification information of certain cellular telephones in certain circumstances.
|
Location Privacy
|
|
Florida
|
S 758
|
Tracking Devices and Applications
|
Enacted
|
Relates to tracking devices and applications; prohibits the placement or use of a tracking device or tracking application to determine the location or movement of another person or another person's property without that person's consent; providing criminal penalties; conforms provisions to changes made by the act.
|
Location Privacy
|
|
Florida
|
S 1788
|
Age Verification for Social Media Platform Accounts
|
Failed
|
Requires social media platforms to prohibit certain minors from creating new accounts, use reasonable age-verification methods to verify the ages of account holders, to terminate certain accounts and provide additional options for termination of such accounts, and to disclose specified policies and provide specified resources, measures, and disclaimers; authorizes the Department of Legal Affairs to bring actions for violations under the Florida Deceptive and Unfair Trade Practices Act.
|
Children's Online Privacy
|
|
Florida
|
S 1792
|
Online Access to Materials Harmful To Minors
|
Failed
|
Requires a commercial entity that knowingly and intentionally publishes or distributes material harmful to minors on a website or application that contains a substantial portion of such material to perform reasonable age verification methods and methods for reporting unauthorized or unlawful access; prohibits the retention of certain personal identifying information.
|
Children's Online Privacy; Other Consumer Privacy
|
|
Georgia
|
H 498
|
Enacts the Georgia Consumer Privacy Protection Act
|
Failed - Adjourned
|
Relates to commerce and trade, so as to enact the Georgia Consumer Privacy Protection Act; protects the privacy of consumer personal data in this state; provides for definitions; to provide for applicability; provides for exemptions for certain entities, data, and uses of data; provides for consumer rights regarding personal data; provides for a consumer to exercise such rights by submitting a request to a controller.
|
Comprehensive
|
|
Georgia
|
H 910
|
Entities That Distribute Material Harmful to Minors
|
Failed - Adjourned
|
Creates a civil remedy for damages against commercial entities that distribute material harmful to minors without performing age verification methods; provides for reasonable age verification process requirements for commercial entities; provides for standards for liability; provides for exceptions; provides that age verification information shall not be retained by commercial entities; provides for the attorney general’s imposition of fines; provides for liability for damages; relates to internet safety.
|
Children's Online Privacy; Other Consumer Privacy
|
|
Georgia
|
H 1113
|
Personal Privacy Protection Act
|
Failed - Adjourned
|
Relates to state printing and documents, to prohibit the collecting of certain personal information; prohibits the release of certain personal information; creates exceptions; excludes certain information from state open records laws; creates the crime of improper collection or disclosure of personal information; provides a short title; provides for related matters; repeals conflicting laws.
|
Other Consumer Privacy
|
|
Georgia
|
H 1365
|
Protecting Children’s Mental Health
|
Failed - Adjourned
|
Relates to minors, so as to create a civil remedy for damages against commercial entities that allow minors to access a social media platform without performing reasonable age verification methods; provides for definitions; provides for reasonable age verification requirements for commercial entities; provides for standards for liability; provides for exceptions; provides that age verification information shall not be retained by commercial entities; provides for the attorney general’s imposition of fines.
|
Children's Online Privacy; Other Consumer Privacy
|
|
Georgia
|
S 351
|
Protecting Georgia’s Children on Social Media Act
|
Enacted
|
Provides for social media platform access by minors; provides for social media policies in public schools; requires the Department of Education to develop and periodically update model programs for educating students regarding online safety; provides for inclusion of parental measures and controls in such technology protection measures; provides for the withholding of funds allotted for public schools that have not provided for adequate measures; revises provisions relating to bullying and cyberbullying.
|
Children's Online Privacy
|
|
Georgia
|
S 414
|
Personal Privacy Protection Act
|
Enacted
|
Relates to state printing and documents, so as to prohibit the collecting of certain personal information; prohibits the release of certain personal information; creates exceptions; excludes certain information from state open records laws; creates the crime of improper collection or disclosure of personal information; provides a short title; provides for related matters; repeals conflicting laws.
|
Other Consumer Privacy
|
|
Georgia
|
S 473
|
Consumer Privacy Protection Act
|
Failed - Adjourned
|
Enacts the State Consumer Privacy Protection Act; protects the privacy of consumer personal data in this state; provides for definitions; provides for exemptions for certain entities, data, and uses of data; provides for consumer rights regarding personal data; provides for a consumer to exercise such rights by submitting a request to a controller; provides for a controller to promptly respond to such requests.
|
Comprehensive
|
|
Georgia
|
SR 806
|
Senate Study Committee
|
Failed - Adjourned
|
Creates the Senate Study Committee on the Impact of Social Media on Children and Platform Privacy Protection.
|
Children's Online Privacy
|
|
Hawaii
|
H 1566
|
Consumer Health Data
|
Failed - Adjourned
|
Requires additional disclosures and consumer consent regarding the collection, sharing, and use of consumer health data information; provides consumers with the right to have their health data deleted; prohibits the sale of consumer health data without valid authorization signed by the consumer; prohibits the utilization of a geofence around a facility that provides health care services.
|
Biometrics or Facial Recognition; Genetic Privacy; Other Consumer Privacy
|
|
Hawaii
|
H 1668
|
Consumer data Protection
|
Failed - Adjourned
|
Establishes provisions allowing for consumers to request data brokers that maintain their personal information to delete any personal information related to the consumer.
|
Information Broker
|
|
Hawaii
|
H 2014
|
Location Tracker
|
Failed - Adjourned
|
Prohibits a person from using a location tracker to harass, stalk, or perpetuate a crime against another person without their knowledge.
|
Location Privacy
|
|
Hawaii
|
HCR 152
|
Social And Safety Impacts of Geotagging
|
Failed - Adjourned
|
Urges the state Tourism Authority, in consultation with the Office of Enterprise Technology Services, to conduct a study on the social and safety impacts of geotagging.
|
Location Privacy
|
|
Hawaii
|
HR 131
|
Social and Safety Impacts of Geotagging
|
Adopted
|
Urges the state Tourism Authority, in consultation with the Office of Enterprise Technology Services, to conduct a study on the social and safety impacts of geotagging.
|
Location Privacy
|
|
Hawaii
|
S 2012
|
Online Privacy Protection for Children
|
Failed - Adjourned
|
Requires a business that provides an online service, product, or feature likely to be accessed by children to comply with certain data privacy requirements; requires a business to complete a data protection impact assessment for any online service, product, or feature likely to be accessed by children and maintain documentation of the assessment as long as the online service, product, or feature is likely to be accessed by children; requires a business to make a data protection impact assessment available.
|
Children's Online Privacy; Other Consumer Privacy; Studies
|
|
Hawaii
|
S 2309
|
Children Data Protections
|
Failed - Adjourned
|
Establishes the state Age Appropriate Design Code to promote privacy protections for children and ensure that online products, services, or features that are likely to be accessed by children are designed in a manner that recognizes the distinct needs of children at different age ranges; establishes a children's data protection working group, administratively attached to the department of the attorney general, to assess and develop recommendations on the best practices for the implementation.
|
Online Children's Privacy; Studies
|
|
Hawaii
|
S 2310
|
Harassment
|
Failed - Adjourned
|
Prohibits a person from using a location tracker to harass, stalk or perpetuate a crime against another person without their knowledge.
|
Location Privacy
|
|
Hawaii
|
S 2581
|
Data Brokers Consumer Protection
|
Failed - Adjourned
|
Establishes provisions allowing for consumers to request data brokers that maintain their personal information to delete any personal information related to the consumer.
|
Information Broker
|
|
Hawaii
|
S 2696
|
Consumer Health Data
|
Failed - Adjourned
|
Establishes standards for the collection, sale, and destruction of consumer health data by regulated entities and small businesses.
|
Other Consumer Privacy
|
|
Hawaii
|
S 3018
|
Personal Consumer Data
|
Failed - Adjourned
|
Establishes a framework to regulate controllers and processors with access to personal consumer data; establishes penalties; establishes a new consumer privacy special fund; declares that the General Fund expenditure ceiling is exceeded; makes an appropriation.
|
Comprehensive
|
|
Idaho
|
H 448
|
Publishers and Distributors Liability
|
Failed - Adjourned
|
Adds to existing law to establish provisions to protect minors from harmful material on the internet.
|
Online Children's Privacy
|
|
Idaho
|
H 711
|
Public Utilities
|
Failed - Adjourned
|
Adds to existing law to prohibit public utilities from requiring the disclosure of Social Security numbers as a condition of receiving any product, commodity, or service provided by the public utility.
|
Other Consumer Privacy
|
|
Idaho
|
H 727
|
Social Security Numbers Disclosure
|
Enacted
|
Provides that no public utility shall require an applicant for any product or commodity furnished by the utility or service rendered by the utility to disclose more than four digits of the applicant’s Social Security number prior to obtaining such product, commodity, or service; provides that in the event the utility uses an applicant’s full Social Security number for a credit check, the full Social Security number shall be deleted from the utility’s records within a certain number of days of the credit check.
|
Other Consumer Privacy
|
|
Illinois
|
H 1168
|
Genetic Information Privacy Act
|
Enacted
|
Amends the Rights of Crime Victims and Witnesses Act; provides that, except in certain medical examiner or coroner investigations, whenever a person’s DNA profile is collected due to the person being a victim of a crime, that specific profile collected in conjunction with that criminal investigation shall not be entered into any DNA database; defines DNA database.
|
Genetic Privacy
|
|
Illinois
|
H 3385
|
Data Privacy and Protection Act
|
Pending
|
Creates the Data Privacy and Protection Act; provides that a covered entity may not collect, process, or transfer covered data unless the collection, processing, or transfer is limited to what is reasonably necessary and proportionate; provides that a covered entity and a service provider shall establish, implement, and maintain reasonable policies, practices, and procedures concerning the collection, processing, and transferring of covered data; contains provisions concerning retaliation.
|
Comprehensive
|
|
Illinois
|
H 4093
|
Protect Health Data Privacy Act
|
Failed – adjourned.
|
Creates the Protect Health Data Privacy Act; provides that a regulated entity shall disclose and maintain a health data privacy policy that clearly and conspicuously discloses specified information; sets forth provisions concerning health data privacy policies; provides that a regulated entity shall not collect, share, or store health data, except in specified circumstances; provides that it is unlawful for any person to sell or offer to sell health data concerning a consumer.
|
Comprehensive
|
|
Illinois
|
H 4247
|
Online Age Verification for Material Harmful to Minors
|
Failed – adjourned.
|
Creates the Online Age Verification for Material Harmful to Minors Act; requires any commercial entity that knowingly or intentionally publishes or distributes material harmful to minors on the internet from a website that contains a substantial portion of such material to verify that any person attempting to access such material is 18 years of age or older; provides that verification must be done through the use of a commercially available database that is regularly used by businesses.
|
Online Children's Privacy
|
|
Illinois
|
H 4290
|
Children and Family Services Act
|
Failed – adjourned.
|
Amends the Children and Family Services Act; prohibits the Department of Children and Family Services from requiring department volunteers to list or provide their Social Security numbers on any form prescribed by the Department that authorizes a criminal history record or background check; requires the department to amend its rule on authorization forms in accordance with the amendatory act; excludes the Social Security number of a department volunteer from the definition of background information.
|
Other Consumer Privacy
|
|
Illinois
|
H 4347
|
Blockchain Technology Act
|
Failed – adjourned.
|
Amends the Blockchain Technology Act; prohibits a public or private entity from requiring an individual to submit a blockchain based identification system as a condition of receiving goods or services from the public or private entity; amends the Biometric Information Privacy Act; prohibits a public or private entity from requiring an individual to provide a biometric identifier or biometric information as a condition of receiving goods or services from the public or private entity.
|
Biometrics or Facial Recognition
|
|
Illinois
|
H 4686
|
Biometric Information Privacy Act
|
Failed – adjourned.
|
Amends the Biometric Information Privacy Act; changes the term written release to written consent; provides that the written policy that is developed by a private entity in possession of biometric identifiers shall be made available to the person from whom biometric information is to be collected or was collected; provides that an action brought under the act shall be commenced within one year after the cause of action accrued if, prior to initiating any action against a private entity.
|
Biometrics or Facial Recognition
|
|
Illinois
|
H 5239
|
Freedom of Information Act
|
Enacted
|
Relates to the location information related to lawful health care and health records related to lawful health care are confidential and exempt from disclosure under the Freedom of Information Act.
|
Location Privacy
|
|
Illinois
|
H 5380
|
Let Parents Choose Protection Act
|
Failed – adjourned.
|
Creates the Let Parents Choose Protection Act; provides that the act may be referred to as Sammy's Law; provides that, before a specified date, or within 30 days after a service becomes a large social media platform after specified date, a large social media platform provider shall create, maintain, and make available to any third-party safety software provider a set of third-party-accessible real time application programming interfaces, including any information necessary to use the interfaces.
|
Online Children's Privacy
|
|
Illinois
|
H 5581
|
Privacy Rights Act
|
Failed – adjourned.
|
Creates the Privacy Rights Act; defines terms such as biometric data, consumer, controller, deidentified data, and processor; creates a consumer protection of privacy in which, with some exceptions, provides an individual with the right to confirm whether or not a controller is processing the consumer's personal data and access such personal data; corrects inaccuracies in the consumer's personal data; deletes personal data provided by or obtained about the consumer.
|
Comprehensive
|
|
Illinois
|
H 5635
|
Biometric Information Privacy Act
|
Failed – adjourned.
|
Amends the Biometric Information Privacy Act; changes the definitions of biometric identifier and written release; defines biometric lock, biometric time clock, electronic signature, person, and security purpose; provides that if the biometric identifier or biometric information is collected or captured for the same repeated process, the private entity is only required to inform the subject or receive consent during the initial collection; waives certain requirements for collecting, capturing.
|
Biometrics or Facial Recognition
|
|
Illinois
|
H 5836
|
Biometric Information Privacy Act
|
Failed – adjourned.
|
Amends the Biometric Information Privacy Act; provides that a private entity that, in more than one instance, collects, captures, purchases, receives through trade, or otherwise obtains the same biometric identifier or biometric information from the same person using the same method of collection in violation of the act has committed a single violation for which the aggrieved person is entitled to, at most, one recovery.
|
Biometrics or Facial Recognition
|
|
Illinois
|
HR 453
|
Family Roots Genealogy Pilot Program
|
Adopted
|
Urges support for the Family Roots Genealogy Pilot Program as it provides African American descendants of enslaved individuals the opportunity to trace their roots back to their ancestral homelands, to reconnect with their ancestral heritage, and to promote their well-being; provides for DNA samples and testing; states that data storage facilities must meet Health Insurance Portability and Accountability Act of 1996 requirements.
|
Genetics;
Other Consumer Privacy
|
|
Illinois
|
HR 535
|
Pharmacy Patient Information Warrant
|
Failed – adjourned.
|
Urges pharmacies in the state to insist on a warrant or court order prior to releasing patient information to protect Americans' reasonable expectations of privacy and constitutional principles; urges the Congress of the specified state to pass further positive legislation to reinforce Americans' reasonable expectations of privacy in medical data and to protect Americans' reasonable expectations of privacy and constitutional principles.
|
Other Consumer Privacy
|
|
Illinois
|
S 2307
|
Commercial Data Collector Tax Act
|
Failed – adjourned.
|
Creates the Commercial Data Collector Tax Act; provides that there shall be a monthly excise tax on the collection of the consumer data of individual state consumers by commercial data collectors, which shall be paid to the Department of Revenue and deposited into the General Revenue Fund; sets forth details regarding the tax to be paid, who qualifies as a consumer for purposes of the tax and alternative methods for collecting the tax; contains provisions concerning required disclosures and rulemaking.
|
Other Consumer Privacy
|
|
Illinois
|
S 2681
|
Criminal Code and Electronic Tracking Device
|
Failed – adjourned.
|
Amends the Criminal Code of 2012; provides that the use of an electronic tracking device to determine the location or movement of a person is a class 4 felony if the violation results in physical injury to the victim of the offense.
|
Location Privacy
|
|
Illinois
|
S 2842
|
State Agency Web Site Act
|
Failed – adjourned.
|
Amends the State Agency Web Site Act; provides that state agency web sites may not use persistent cookies or other tracking software except in specific circumstances; repeals provisions establishing the Internet Privacy Task Force; makes conforming changes.
|
Studies; Website Privacy
|
|
Illinois
|
S 2978
|
Driver and Motor Vehicle Records Data Privacy Law
|
Failed – adjourned.
|
Amends the Vehicle Code; creates the Driver and Motor Vehicle Records Data Privacy Law; provides that the purpose is to comply with the federal Driver's Privacy Protection Act in order to protect the interest of individuals in their personal privacy by prohibiting the disclosure and use of personal information contained in their motor vehicle record, except as authorized by the individual or by law; adds provisions concerning disclosure of Social Security number.
|
Other Consumer Privacy
|
|
Illinois
|
S 2979
|
Biometric Information Privacy Act
|
Enacted
|
Amends the Biometric Information Privacy Act; defines electronic signature as an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record; provides that written release includes an electronic signature.
|
Biometrics or Facial Recognition
|
|
Illinois
|
S 3080
|
Protect Health Data Privacy Act
|
Failed – adjourned.
|
Creates the Protect Health Data Privacy Act; provides that a regulated entity shall disclose and maintain a health data privacy policy that clearly and conspicuously discloses specified information; sets forth provisions concerning health data privacy policies; provides that a regulated entity shall not collect, share, or store health data, except in specified circumstances.
|
Other Consumer Privacy
|
|
Illinois
|
S 3319
|
Biometric Information Privacy Act
|
Failed – adjourned.
|
Amends the Biometric Information Privacy Act; defines private entity to mean any individual, partnership, corporation, limited liability company, association, or other group, however organized that employs more than a specified number of individuals.
|
Biometrics
|
|
Illinois
|
S 3324
|
Sammy's Law of 2024
|
Failed – adjourned.
|
Creates Sammy's Law of 2024; requires, before specified date, or within specified days after a service becomes a large social media platform, a large social media platform provider to create, maintain, and make available to any third-party safety software provider a set of third-party-accessible real time application programming interfaces by which a child, or a parent or legal guardian of a child, may delegate permission to the third-party safety software provider to monitor the child's online interaction.
|
Online Children's Privacy
|
|
Illinois
|
S 3334
|
Age-Appropriate Design Code Act
|
Failed – adjourned.
|
Creates the Age-Appropriate Design Code Act; provides that all covered entities that operate in the state and process children's data in any capacity shall do so in a manner consistent with the best interests of children.
|
Online Children's Privacy
|
|
Illinois
|
S 3516
|
Personal Information Protection Act
|
Failed – adjourned.
|
Amends the Personal Information Protection Act; provides that, annually, on or before specified date, a data broker operating in the state shall register with the attorney general; provides that, in registering with the attorney general, a data broker shall pay a registration fee in an amount determined by the attorney general and shall also provide specified information.
|
Information Broker
|
|
Illinois
|
S 3517
|
Privacy Rights Act
|
Failed – adjourned.
|
Creates the Privacy Rights Act; sets forth duties and obligations of businesses that collected consumers' personal information and sensitive personal information to keep such information private; sets forth consumer rights in relation to the collected personal information and sensitive personal information, including the right to delete personal information; corrects inaccurate personal information.
|
Comprehensive
|
|
Indiana
|
H 1036
|
Age Verification to Minors
|
Failed - Adjourned
|
Relates to age verification for material harmful to minors; requires an adult oriented website operator that displays material harmful to minors to use a reasonable age verification method to prevent a minor from accessing an adult oriented website.
|
Online Children's Privacy
|
|
Indiana
|
H 1063
|
Age Verification
|
Failed - Adjourned
|
Relates to age verification; requires an adult oriented website operator that displays material harmful to minors to use a reasonable age verification method to prevent a minor from accessing an adult oriented website; creates a cause of action to permit, the parent or guardian of a child harmed by a violation of the age verification requirement to obtain monetary damages, injunctive relief, and reasonable attorney's fees, and the attorney general.
|
Online Children's Privacy
|
|
Indiana
|
H 1100
|
Sale of Bureau of Motor Vehicles Information
|
Failed - Adjourned
|
Relates to sale of Bureau of Motor Vehicles (BMV) information; prohibits the BMV from selling the personal information of an individual who, is less than 21 years of age, is 65 years of age or older, or opts out of the sale of the individual's personal information; prohibits a person to which the BMV provides such information from selling or disclosing the information; requires the BMV to provide an easily understandable and easily accessible means.
|
Other Consumer Privacy
|
|
Indiana
|
H 1140
|
Age Verification for Material Harmful to Minors
|
Failed - Adjourned
|
Relates to age verification for material harmful to minors; requires an adult oriented website operator that displays material harmful to minors to use a reasonable age verification method to prevent a minor from accessing an adult oriented website; creates a cause of action to permit, the parent or guardian of a child harmed by a violation of the age verification requirement to obtain monetary damages, injunctive relief, and reasonable attorney's fees, and any other person to bring an action.
|
Online Children's Privacy; Other Consumer Privacy
|
|
Indiana
|
H 1295
|
Material Harmful to Minors Age Verification
|
Failed - Adjourned
|
Relates to age verification for material harmful to minors; requires an adult oriented website operator that displays material harmful to minors to use a reasonable age verification method to prevent a minor from accessing an adult oriented website; creates a cause of action to permit, the parent or guardian of a child harmed by a violation of the age verification requirement to obtain monetary damages, injunctive relief, and reasonable attorney's fees.
|
Online Children's Privacy; Other Consumer Privacy
|
|
Indiana
|
H 1314
|
Social Media Use by Minors
|
Failed - Adjourned
|
Relates to social media use by minors; provides that a social media service may not allow a state resident who is a minor to hold an account with the social media service unless the social media service receives written consent to the minors use of the social media service from the minors parent or guardian; requires a social media service to configure the account of a registered user that the social media service knows, or reasonably should know, is, a minor.
|
Online Children's Privacy
|
|
Indiana
|
H 1342
|
Consumer Genetic Testing Providers
|
Failed - Adjourned
|
Relates to consumer genetic testing providers; provides that a person may not discriminate against an individual on the basis of the individual's solicitation and use of consumer genetic testing services or on the basis of the results of genetic testing performed by a provider of consumer genetic testing services (provider); requires a provider to disclose specified information to an individual who submits biological material to the provider for genetic testing.
|
Genetic Privacy
|
|
Indiana
|
S 17
|
Trade Regulation
|
Enacted
|
Provides that an adult oriented website operator may not knowingly or intentionally publish an adult oriented website unless the adult-oriented website operator uses a reasonable age verification method to prevent a minor from accessing the site.
|
Online Children's Privacy; Other Consumer Privacy
|
|
Indiana
|
S 201
|
Minor Use of Mobile Devices and Social Media
|
Failed - Adjourned
|
Relates to minor use of mobile devices and social media; requires the manufacturer of a mobile smart device that incorporates an adult content filter and that is sold in the state after specified date to configure the operating system of the mobile smart device, such that the adult content filter is enabled upon activation of the mobile smart device, and in a manner that reasonably ensures that a minor cannot disable the adult content filter.
|
Online Children's Privacy; Other Consumer Privacy
|
|
Indiana
|
S 284
|
Consumer Genetic Testing Providers
|
Failed - Adjourned
|
Provides that a person may not discriminate against an individual on the basis of the individual’s solicitation and use of consumer genetic testing services or on the basis of the results of genetic testing performed by a provider of consumer genetic testing services; requires a provider to disclose specified information to an individual who submits biological material to the provider for genetic testing; prohibits a provider from taking specified actions; imposes specified requirements on a provider.
|
Genetic Privacy
|
|
Iowa
|
H 572
|
Use of Remotely Piloted Aircraft
|
Enacted
|
Prohibits the use of remotely piloted aircraft flying over certain property and provides penalties.
|
Other Consumer Privacy
|
|
Iowa
|
H 2182
|
Unauthorized Placement of a Global Positioning Device
|
Failed - Adjourned
|
Relates to the unauthorized placement of a global positioning device and provides penalties.
|
Location Privacy
|
|
Iowa
|
H 2185
|
Personal Information of Previous Owner of Motor Vehicle
|
Enacted
|
Relates to personal information of the previous owner of a motor vehicle.
|
Other Consumer Privacy
|
|
Iowa
|
S 201
|
Criminal Offense of Stalking
|
Failed - Adjourned
|
Relates to the criminal offense of stalking committed while using a technological device and provides penalties.
|
Location Privacy
|
|
Iowa
|
S 2117
|
Personal Information of Previous Owner of Motor Vehicle
|
Failed
|
Relates to personal information of the previous owner of a motor vehicle.
|
Other Consumer Privacy
|
|
Iowa
|
S 2145
|
Release of Personal Information
|
Failed - Adjourned
|
Limits the release of personal information maintained by the Department of Transportation to out-of-state persons and makes penalties applicable.
|
Other Consumer Privacy
|
|
Iowa
|
S 2227
|
Obscene Material Available on Devices
|
Failed - Adjourned
|
Relates to obscene material available on devices and imposing civil liability on platforms who publish or distribute obscene material on the internet and includes effective date provisions.
|
Other Consumer Privacy
|
|
Iowa
|
S 2272
|
Consumer Data Protection
|
Failed - Adjourned
|
Relates to consumer data protection; includes effective date provisions. Relates to health and minors.
|
Other Consumer Privacy
|
|
Iowa
|
S 2321
|
Consumer Data Protection
|
Failed - Adjourned
|
Relates to consumer data protection; includes effective date provisions. Relates to health and minors.
|
Other Consumer Privacy
|
|
Kansas
|
H 2592
|
Consumer Protection Regarding Internet Content
|
Failed - Adjourned
|
Relates to requiring the use of age-verification technology to permit access to internet websites containing material that is harmful to minors.
|
Online Children's Privacy; Other Consumer Privacy
|
|
Kansas
|
S 394
|
Consumer Protection Regarding Internet Content
|
Enacted
|
Concerns consumer protection; relates to internet content that is harmful to minors; requires age verification for access to such content; provides for civil penalties for violations; establishes a civil cause of action for damages, attorney fees and costs.
|
Online Children's Privacy; Other Consumer Privacy
|
|
Kentucky
|
H 15
|
Consumer Data Privacy
|
Enacted
|
Relates to consumer data privacy and making an appropriation therefor.
|
Comprehensive
|
|
Kentucky
|
H 24
|
Consumer Data Privacy
|
Failed - Adjourned
|
Establishes consumer rights relating to personal data, including the rights to confirm whether data is being processed, to delete personal data provided by the consumer, to obtain a copy of the consumer's personal data that was previously provided, and to opt out of targeted advertising and the sale of data; defines terms; sets forth the types of data and the persons or entities to which the statutory provisions do and do not apply; sets forth requirements for persons or entities that control and process.
|
Comprehensive
|
|
Kentucky
|
H 45
|
Privacy Protection
|
Failed - Adjourned
|
Defines terms related to automated license plate readers; establishes limitations on use and sale of data captured by automated license plate readers; defines terms and establishes limitations on the use of an unmanned aircraft system; establishes a cause of action for the unauthorized use of an unmanned aircraft system; establishes a statute of limitations for an action filed for the unauthorized use of an unmanned aircraft system; defines terms and establishes limitations on deep fakes.
|
Location Privacy
|
|
Kentucky
|
H 201
|
Biometric Data
|
Failed - Adjourned
|
Defines terms; requires a private entity to develop a written policy and retention schedule for the biometric identifiers it collects; creates restrictions on the collection, capture, purchase, or trade of biometric identifiers; requires disclosure of biometric identifier information per individual request; creates a civil cause of action; clarifies statutory construction; provides that the Act may be cited as the Biometric Identifiers Privacy Act.
|
Biometrics and Facial Recognition
|
|
Kentucky
|
H 278
|
Protection of Children
|
Enacted
|
Provides that the Justice and Public Safety Cabinet shall design, print, and distribute to law enforcement agencies a reporting form which provides statistical information relating to the crimes involving, among other things, childhood sexual assault or abuse; provides that any covered platform that knowingly and intentionally publishes or distributes material on the internet, more than one-third of which is matter harmful to minors, and fails to perform age verification shall be liable for certain damages.
|
Other Consumer Privacy
|
|
Kentucky
|
H 450
|
Protection of Minors
|
Failed - Adjourned
|
Defines terms; prohibits social media companies from allowing minors to create accounts without parental consent; provides means for establishing age and providing parental consent; prohibits retention of personal information obtained through consent process; requires social media companies to provide parents with means for account supervision; authorizes the attorney general to enforce through administrative and judicial action; establishes a private civil cause of action.
|
Online Children's Privacy
|
|
Kentucky
|
H 463
|
Protection of Children Using Social Media
|
Failed - Adjourned
|
Defines terms; specifies what entities are subject to this act; requires digital service providers to register the age of the user; specifies the duties of digital services providers relating to agreements with minors; requires digital service providers to develop internal controls to prevent minors from being exposed to obscene matter, create parental monitoring tools, prevent advertising certain goods and services to minors, and provide information related to algorithms and content promotion.
|
Online Children's Privacy
|
|
Kentucky
|
H 578
|
Data Privacy
|
Failed - Adjourned
|
Prohibits the furnishing of a person's information by a consumer reporting agency to a third party under certain circumstances without the person's consent; provides for enforcement by the attorney general and a private right of action; establishes penalties; authorizes the attorney general to promulgate administrative regulations necessary to effectuate enforcement.
|
Other Consumer Privacy
|
|
Kentucky
|
S 15
|
Consumer Data Privacy
|
Failed - Adjourned
|
Defines terms; sets the parameters for applicability of this act; defines various consumer rights related to data collection; requires a data controller to comply with a consumer request to exercise those rights; requires controllers to establishes a process for consumers to appeal a controller's refusal to act on a consumer's request to exercise a right; sets forth requirements for persons or entities that control or process personal data; requires persons who control data to conduct data protection.
|
Comprehensive
|
|
Kentucky
|
S 165
|
Privacy of Social Security Numbers
|
Failed - Adjourned
|
Amend various sections of the Kentucky Revised Statutes to remove requirements for using a Social Security number as an identifier.
|
Other Consumer Privacy
|
|
Kentucky
|
S 179
|
Violations of Privacy
|
Failed - Adjourned
|
Creates a cause of action for introduction of an identification device.
|
Other Consumer Privacy
|
|
Kentucky
|
S 180
|
Facial Recognition Technology and Biometric Identifiers
|
Failed - Adjourned
|
Restricts use of facial recognition technology and biometric identifiers; creates a cause of action for use of facial recognition technology or biometric identifiers; creates new sections to prohibit use of facial recognition technology as evidence; proposes a new section of the Kentucky Rules of Evidence to make evidence gained from use of facial recognition inadmissible.
|
Biometrics and Facial Recognition
|
|
Kentucky
|
S 345
|
Protection of Children and Internet Usage
|
Failed - Adjourned
|
Defines terms; requires covered entities to complete data protection impact assessments before releasing new products or services; requires covered entities to make data protection impact assessments available to the attorney general upon request; requires covered entities to configure default privacy settings for children at a high level of privacy; requires covered entities to provide tools for parents and guardians to exercise privacy and report concerns.
|
Children's Online Privacy
|
|
Louisiana
|
H 577
|
Commercial Regulations
|
Enacted
|
Relates to data collection of minors; to provide for definitions; provides for legislative findings; provides for prohibitions; provides for protection from liability under certain circumstances; provides for civil fines; provides for enforcement; prohibits social media companies from collecting data to use for targeted advertising to minors.
|
Children's Online Privacy
|
|
Louisiana
|
H 947
|
Consumers and Protection
|
Failed - Adjourned
|
Provides relative to the protection of data.
|
Comprehensive
|
|
Louisiana
|
H 957
|
Motor Vehicles
|
Failed - Adjourned
|
Prohibits vehicle manufacturers and distributors from sharing driver information without the driver's consent.
|
Connected Devices; Other Consumer Privacy
|
|
Louisiana
|
S 428
|
Bank Disclosure Records
|
Enacted
|
Provides for disclosures by a bank or an affiliate; relates to the disclosure of financial records and reimbursement of costs; provides that a bank may disclose financial records pursuant to a disclosure demand if specified conditions are met, including that, prior to the return date, the person requesting the issuance of the disclosure demand furnishes the bank with an affidavit certifying that, among other things, such service was made at least a specified number of business days prior to the return date.
|
Other Consumer Privacy
|
|
Maine
|
H 1094
|
Consumer Control Over Sensitive Personal Data
|
Failed
|
Provides for an individual's privacy regarding the collection and use of biometric identifiers of the individual and personal information connected to the biometric identifiers; requires a written release from an individual before a private entity may obtain or use biometric identifiers and requires the private entity to establish a policy for retention and destruction of the biometric identifiers.
|
Biometrics and Facial Recognition
|
|
Maine
|
H 1217
|
Personal Health Data
|
Failed
|
Protects personal health data.
|
Other Consumer Privacy
|
|
Maine
|
H 1270
|
Data Privacy and Protection Act
|
Failed
|
Enacts the Data Privacy and Protection Act; regulates the collection, use, processing, transfer, sale and deletion of non-publicly available personal data that is linked or reasonably linkable to an individual who is a resident of this state or to a device that is reasonably linkable to an individual who is a resident of this state, referred to in the act as a consumer, by a person that conducts business in this state or that produces products or services targeted to residents of this state.
|
Comprehensive
|
|
Maine
|
S 807
|
Consumer Privacy Act
|
Failed - Adjourned
|
Enacts the state consumer privacy act to entitle consumers to certain rights concerning the use of personal data.
|
Comprehensive
|
|
Maryland
|
H 567
|
Online Data Privacy Act of 2024
|
Enacted
|
Establishes generally the manner in which a controller or a processor may process a consumer's personal data; authorizes a consumer to exercise certain rights regarding the consumer's personal data; requires a controller of personal data to establish a method for a consumer to exercise certain rights in regard to the consumer's personal data.
|
Comprehensive
|
|
Maryland
|
H 603
|
Online Products and Services Consumer Data Protection
|
Enacted
|
Requiring a covered entity that offers an online product reasonably likely to be accessed by children to complete a certain data protection impact assessment under certain circumstances; requires certain privacy protections for certain online products; prohibits certain data collection and sharing practices; authorizes certain monitoring practices.
|
Online Children’s Privacy
|
|
Maryland
|
S 541
|
Online Data Privacy Act of 2024
|
Enacted
|
Regulates the manner in which a controller or a processor in possession of a consumer's personal data may process the consumer's personal data; authorizes a consumer to exercise certain rights in regards to the consumer's personal data; requires a controller of personal data to establish a method for a consumer to exercise certain rights in regards to the consumer's personal data; requires a controller to comply with a request by a consumer to exercise a certain right in a certain manner, with exceptions.
|
Comprehensive
|
|
Maryland
|
S 571
|
Online Products and Services Data of Children
|
Enacted
|
Requires a covered entity that offers an online product reasonably likely to be accessed by children to complete a certain data protection impact assessment under certain circumstances; requiring certain privacy protections for certain online products; prohibiting certain data collection and sharing practices; authorizing certain monitoring practices.
|
Online Children’s Privacy
|
|
Massachusetts
|
H 60
|
Information Privacy and Security Act
|
Pending
|
Relates to the security and the protection of personal information by establishing the Massachusetts Information Privacy and Security Act.
|
Biometrics or Facial Recognition; Comprehensive
|
|
Massachusetts
|
H 63
|
Biometric Information
|
Pending
|
Protects biometric information.
|
Biometrics or Facial Recognition
|
|
Massachusetts
|
H 80
|
Internet Privacy Rights for Children
|
Pending
|
Relates to internet privacy rights for children.
|
Online Children’s Privacy
|
|
Massachusetts
|
H 83
|
Data Privacy Protection Act
|
Pending
|
Establishes the Massachusetts Data Privacy Protection Act.
|
Comprehensive; Biometrics or Facial Recognition; Information Brokers
|
|
Massachusetts
|
H 357
|
Sale of Cell Phone Location Information
|
Pending
|
Relates to banning the sale of cell phone location information.
|
Location Privacy
|
|
Massachusetts
|
H 377
|
Pregnancy Related Services
|
Pending
|
Protects patient privacy and prevent unfair and deceptive advertising of pregnancy-related services.
|
Other Consumer Privacy
|
|
Massachusetts
|
H 386
|
Consumer Health Data
|
Pending
|
Relates to consumer health data.
|
Other Consumer Privacy
|
|
Massachusetts
|
H 395
|
Advertising on the Internet
|
Pending
|
Regulates advertising on the internet.
|
Website Privacy
|
|
Massachusetts
|
H 1049
|
Mortgage Applications Privacy
|
Pending
|
Relates to mortgage applications privacy.
|
Other Consumer Privacy
|
|
Massachusetts
|
H 1488
|
Unauthorized Use of Unmanned Aerial Vehicles
|
Pending
|
Relates to penalties for unauthorized use of unmanned aerial vehicles.
|
Other Consumer Privacy; Connected Devices
|
|
Massachusetts
|
H 1555
|
Personal Data and the Free Movement of Personal Data
|
Pending
|
Provides for protections in the processing of personal data and the free movement of personal data.
|
Comprehensive
|
|
Massachusetts
|
H 1572
|
Motor Vehicle Tracking Devices
|
Pending
|
Relates to prohibiting motor vehicle tracking devices without consent.
|
Location Privacy
|
|
Massachusetts
|
H 1809
|
Tracking of Motor Vehicles
|
Pending
|
Regulates the tracking of motor vehicles.
|
Location Privacy
|
|
Massachusetts
|
H 1893
|
Social Media Consumer Privacy Protection
|
Pending
|
Relates to social media consumer privacy protection.
|
Online Children’s Privacy
|
|
Massachusetts
|
H 3179
|
Internet Service Provider Data
|
Pending
|
Relates to internet service provider data.
|
ISP Privacy
|
|
Massachusetts
|
H 4632
|
Data Privacy Act
|
Pending
|
Relates to establishing the state Data Privacy Act. Specifies when a covered entity or service provider can collect, process or transfer data.
|
Comprehensive; Information Brokers; Biometrics or Facial Recognition; Location Privacy
|
|
Massachusetts
|
S 2770
|
Data Privacy Act
|
Pending
|
Relates to establishing the state Data Privacy Act. Specifies when a covered entity or service provider can collect, process or transfer data.
|
Comprehensive; Information Brokers; Biometrics or Facial Recognition; Location Privacy
|
|
Michigan
|
H 5823
|
Consumer Protections
|
Pending
|
Creates age-appropriate design code act.
|
Online Children’s Privacy
|
|
Michigan
|
S 1082
|
Consumer Protection
|
Pending
|
Creates Reproductive Health Data Privacy Act.
|
Biometrics or Facial Recognition
|
|
Michigan
|
S 1103
|
Veteran Benefits
|
Pending
|
Amends the state Consumer Protection Act to enhance protections for individuals applying for veterans benefits.
|
Other Consumer Privacy
|
|
Minnesota
|
H 2257
|
Minnesota Age-Appropriate Design Code Act
|
Failed - Adjourned
|
Provides that a business that develops and provides online services, products, or features that children are likely to access must consider the best interests of children when designing, developing, and providing that online service, product, or feature; provides for civil penalties.
|
Online Children’s Privacy
|
|
Minnesota
|
H 2309
|
Minnesota Consumer Data Privacy Act
|
Failed - Adjourned
|
Gives various rights to consumers regarding personal data; places obligations on certain businesses regarding consumer data; provides for enforcement by the attorney general; provides that a data privacy and protection assessment collected or maintained by the attorney general is classified; provides that a consumer has the right to confirm whether a controller is processing personal data concerning the consumer and access the categories of personal data the controller is processing.
|
Comprehensive
|
|
Minnesota
|
H 3443
|
Release of Patient Health Records
|
Failed - Adjourned
|
Provides that the state Health Records Act shall be construed to protect the privacy of a patient’s health records in a more stringent manner than provided in the Code of Federal Regulations; provides that a provider, or a person who receives health records from a provider, may not release a patient’s health records to a person without, among other things, a signed and dated consent from the patient or their legally authorized representative authorizing the release, or a specific authorization in state law.
|
Other Consumer Privacy
|
|
Minnesota
|
H 4077
|
Department of Commerce Housekeeping Changes
|
Failed
|
Requires a social media platform to provide default settings for a user that do not: allow the user's account or the user's user-generated content to be discovered by anyone outside the user's existing extended network;
and allow or facilitate user-generated content, or any user's facial or biometric data, to be incorporated into generative artificial intelligence models without the user's explicit consent.
|
Other Consumer Privacy
|
|
Minnesota
|
H 4757
|
Edible Cannabinoid Products
|
Enacted
|
Relates to commerce; modifies appropriations to the Office of Cannabis Management and the Department of Health; modifies cannabis provisions; modifies fees assessed by the Department of Commerce; adds and modifying consumer protection provisions; establishes the Minnesota Consumer Data Privacy Act; authorizes rulemaking; classifies data; makes technical changes.
|
Comprehensive
|
|
Minnesota
|
H 4975
|
State Government Operations and Finance
|
Failed
|
Appropriates funds. Includes appropriations from the general fund appropriation base for the attorney general, with increased funds by $988,000 in fiscal year 2026 and $748,000 in fiscal year 2027 for staffing and other costs related to potential violations, compliance monitoring, and enforcement of the Minnesota Consumer Data Privacy Act.
|
Comprehensive
|
|
Minnesota
|
H 5409
|
Consumer Protection
|
Failed - Adjourned
|
Relates to consumer protection; requires age verification for websites with material harmful to minors; provides for enforcement by the attorney general; creates a private right of action.
|
Online Consumer Privacy
|
|
Minnesota
|
H 5452
|
Consumer Protection
|
Failed - Adjourned
|
Relates to consumer protection; regulates the use of social media for minors ages 15 and younger; requires anonymous age verification for websites harmful to minors.
|
Online Consumer Privacy
|
|
Minnesota
|
S 2915
|
Consumer Data Privacy
|
Failed - Adjourned
|
Relates to consumer data privacy; gives various rights to consumers regarding personal data; places obligations on certain businesses regarding consumer data; provides for enforcement by the attorney general; provides that a data privacy and protection assessment collected or maintained by the attorney general is classified.
|
Comprehensive
|
|
Minnesota
|
S 3710
|
Telecommunications
|
Failed - Adjourned
|
Relates to telecommunications; prohibits collection of personal information absent customer's express written approval.
|
ISP Privacy
|
|
Minnesota
|
S 4199
|
Release of Patient Health Records
|
Failed - Adjourned
|
Modifies requirements for the release of patient health records; provides that sections in the state Health Records Act governing the release or disclosure of patient health records shall be construed to protect the privacy of a patient’s health records in a more stringent manner than provided in the Code of Federal Regulations, Title 45, Part 164, which relates to the privacy of health information.
|
Other Consumer Privacy
|
|
Minnesota
|
S 5518
|
Consumer Protection
|
Failed - Adjourned
|
Relates to consumer protection; requires age verification for websites with material harmful to minors; provides for enforcement by the attorney general; creates a private right of action.
|
Online Children’s Privacy
|
|
Mississippi
|
H 1126
|
Walker Montgomery Protecting Children Online Act
|
Enacted
|
Creates the Walker Montgomery Protecting Children Online Act; requires digital service users to register their age.
|
Online Children’s Privacy
|
|
Mississippi
|
H 1268
|
Project Health Data Privacy Act
|
Failed
|
Establishes the state Project Health Data Privacy Act; defines certain terms; requires regulated entities to disclose and maintain a health data privacy policy that discloses specified information; prescribes requirements for health data privacy policies; prohibits regulated entities from collecting, sharing and storing health data except in specified circumstances; prohibits persons from selling health data concerning a consumer without first obtaining authorization from the consumer.
|
Other Consumer Privacy
|
|
Mississippi
|
H 1375
|
Search Warrant Issuance
|
Failed
|
Prohibits the issuance of a search warrant for electronically stored information relating to menstrual health data.
|
Other Consumer Privacy
|
|
Mississippi
|
S 2531
|
Walker Montgomery Protecting Children Online Act
|
Failed
|
Enacts the Walker Montgomery Protecting Children Online Act; defines terms; specifies the types of digital service providers to be affected by this act; prohibits digital service providers from entering agreements to create accounts with individuals who have not registered their age with the provider; requires the digital service providers to limit collection and use of personal identifying information when entering into an agreement with a known minor.
|
Online Children’s Privacy; Location Privacy
|
|
Missouri
|
H 1584
|
Biometric Information Privacy Act
|
Failed - Adjourned
|
Establishes the Biometric Information Privacy Act.
|
Biometrics or Facial Recognition
|
|
Missouri
|
H 1993
|
Publication of Material Harmful to Minors
|
Failed - Adjourned
|
Establishes provisions relating to civil liability for publishing or distributing material harmful to minors on the internet.
|
Online Children’s Privacy
|
|
Missouri
|
H 2157
|
Standards To Promote Digital Safety of Minors
|
Failed - Adjourned
|
Establishes standards to promote the safety of minors using the internet and social media.
|
Online Children’s Privacy
|
|
Missouri
|
H 2375
|
ID Requirements for Pornographic Materials
|
Failed - Adjourned
|
Creates requirement that users must provide government-issued identification prior to viewing pornographic materials provided by commercial entities on the internet.
|
Consumer Data Privacy; Online Children’s Privacy
|
|
Missouri
|
H 2594
|
Biometric Information Privacy Act
|
Failed - Adjourned
|
Establishes the Biometric Information Privacy Act.
|
Biometrics or Facial Recognition
|
|
Missouri
|
H 2900
|
Reproductive or Sexual Health Application Information
|
Failed - Adjourned
|
Creates provisions relating to the use of reproductive or sexual health application information.
|
Other Consumer Privacy
|
|
Missouri
|
S 1501
|
Disclosure of Personal Information Online
|
Failed - Adjourned
|
Creates provisions relating to the disclosure of personal information online.
|
Internet Privacy
|
|
Montana
|
None
|
|
|
n/a
|
|
|
Nebraska
|
L 308
|
Genetic Information Privacy Act
|
Enacted
|
Provides that to safeguard the privacy, confidentiality, security, and integrity of a consumers genetic data, a direct-to-consumer genetic testing company shall, among other things, provide clear and complete information regarding the company’s policies and procedures for collection, use, or disclosure of genetic data by making available to a consumer, among other things, a high-level privacy policy overview that includes basic information about the company’s collection, use, or disclosure.
|
Genetics Privacy; Other Consumer Privacy
|
|
Nebraska
|
L 954
|
Biometric Autonomy Liberty Law Adoption
|
Failed - Adjourned
|
Adopts the Biometric Autonomy Liberty Law. Provides biometric data is the property of the individual from whom the data was collected. An individual may sell the right to use his or her biometric data.
|
Biometrics
|
|
Nebraska
|
L 1074
|
Data Privacy Act
|
Enacted
|
Relates to data privacy act; defines terms; provides applicability.
|
Comprehensive
|
|
Nebraska
|
L 1092
|
Online Age Verification Liability Act
|
Enacted
|
Provides that a commercial entity shall not knowingly and intentionally publish or distribute material harmful to minors on the internet on a website that contains a substantial portion of such material unless the entity uses a reasonable age verification method to verify the age of an individual attempting to access the material; provides that a person aggrieved by a violation of this act may bring a civil action against the commercial entity or third party which engaged in that violation.
|
Children’s Online Privacy
|
|
Nebraska
|
L 1224
|
Mobile Tracking Devices Certain Conduct Prohibition
|
Failed - Adjourned
|
Prohibits certain conduct relating to mobile tracking devices and change provisions relating to intercepted communications.
|
Location Privacy
|
|
Nebraska
|
L 1294
|
Data Privacy Act
|
Failed - Adjourned
|
Adopts the Data Privacy Act, change provisions relating to certain certificates and information relating to vital records, and provide for certain records to be exempt from public disclosure.
|
Comprehensive
|
|
Nebraska
|
LR 20
|
Protect the Right of Individual Privacy
|
Failed - Adjourned
|
Constitutional amendment to protect the right of individual privacy.
|
Constitutional Amendment
|
|
Nevada
|
No regular 2024 session
|
|
|
n/a
|
|
|
New Hampshire
|
H 314
|
Expectation of Privacy
|
Failed - Adjourned
|
Regulates the collection, retention, and use of personal information and establishes a cause of action for violations of an individual’s expectation of privacy in personal information; provides that unless specifically authorized by law, third party providers of information and services shall not disclose personal information of an individual to anyone unless under specified conditions.
|
Biometrics or Facial Recognition
|
|
New Hampshire
|
H 1220
|
Racial and Educational Data
|
Enacted
|
Relates to vital records; abolishes the collection of racial and educational data for use in a marital application worksheet; delineates notice requirements and procedures regarding consumer privacy rights; provides that the controller shall provide consumers with a clear and meaningful privacy notice in a reasonably accessible format; provides that the controller may make the notice available online, on mobile applications, or on a device through which consumers regularly interact with the controller.
|
Comprehensive; Other Consume Privacy
|
|
New Hampshire
|
H 1256
|
Internet Material Harmful to Minors
|
Failed
|
Establishes liability for publisher and distributors of internet material harmful to minors.
|
Online Children’s Privacy
|
|
New Hampshire
|
H 1273
|
Protection of Personal Information in Driver Licenses
|
Failed - Adjourned
|
Adds restrictions on the use of personal information from driver licenses.
|
Other Consumer Privacy
|
|
New Hampshire
|
H 1535
|
Digital Identification Systems
|
Failed
|
Prohibits mandatory participation in any type of digital identification.
|
Other Consumer Privacy
|
|
New Hampshire
|
H 1695
|
Student Personally Identifiable Information
|
Failed - Adjourned
|
Provides that student personally identifiable information shall only be transferred to a third party on the condition that such party will not permit any other party to have access to such information without the written consent of the parents of the student in accordance with Family Educational Rights and Privacy Act consent exceptions; provides that if such data is released to a third party, parents of the student shall be informed a specified number of school days before the release date.
|
Other Consumer Privacy
|
|
New Hampshire
|
S 255
|
Consumer Expectation of Privacy
|
Enacted
|
Provides that a consumer shall have the right to, among other things, confirm whether or not a controller is processing the consumers personal data and access such personal data, unless such confirmation or access would require the controller to reveal a trade secret; provides that a controller, defined as an entity who determines the purpose and means of processing personal data, shall, among other things, limit the collection of personal data to what is adequate, relevant and reasonably necessary.
|
Comprehensive
|
|
New Hampshire
|
S 469
|
Surveillance of a Park and Ride Facility
|
Enacted
|
Allows surveillance of a park and ride facility in certain circumstances, including where surveillance is undertaken by a private legal entity that is leasing, or otherwise operating on behalf of the Department of Transportation, a park and ride facility from the state pursuant to a lease or agreement for at least a specified number of years.
|
Other Consumer Privacy
|
|
New Hampshire
|
S 502
|
Scanning of Drivers Licenses by Real Estate Brokers
|
Enacted
|
Relates to the scanning of drivers licenses by real estate brokers; clarifies that licensed real estate brokers may scan, record, retain, or store electronic information collected with a license holders consent for a period lasting until the closing date or upon the license holders request, for the purpose of identifying ownership as part of a sale; provides that the real estate broker shall not retain the scanned license for a period of longer than the closing date or when requested by the license holder.
|
Other Consumer Privacy
|
|
New Jersey
|
A 391
|
Internet Subscribers Confidential Personal Information
|
Pending
|
Requires internet service providers to keep confidential subscriber's personally identifiable information unless subscriber authorizes internet service provider in writing to disclose information.
|
ISP Privacy
|
|
New Jersey
|
A 1381
|
Disclosure of Data Recording Devices in Motor Vehicles
|
Pending
|
Requires disclosure of data recording devices in motor vehicles; limits access to recorded data.
|
Connected Devices; Location Privacy
|
|
New Jersey
|
A 1488
|
Biometric Identifier Information Collection
|
Pending
|
Prohibits collection of biometric identifier information by public or private entity under certain circumstances.
|
Biometrics or Facial Recognition
|
|
New Jersey
|
A 1494
|
Business Biometric Surveillance System Prohibition
|
Pending
|
Prohibits use of biometric surveillance system by business entity under certain circumstances.
|
Biometrics or Facial Recognition
|
|
New Jersey
|
A 1540
|
Offense of Tracking for Unlawful Purpose
|
Pending
|
Creates offense of tracking for unlawful purpose; imposes enhanced penalties.
|
Location Privacy
|
|
New Jersey
|
A 1662
|
Mental Health Care Professionals
|
Pending
|
Prohibits mental health care professionals from disclosing, and health insurance carriers from demanding, certain information concerning behavioral health care services provided to patients.
|
Other Consumer Privacy
|
|
New Jersey
|
A 1879
|
Children’s Data Protection Commission
|
Pending
|
Concerns social media privacy and data management for children and establishes New Jersey Children's Data Protection Commission.
|
Online Children’s Privacy; Studies
|
|
New Jersey
|
A 1902
|
Disclosure and Accountability Transparency Act
|
Pending
|
Relates to state Disclosure and Accountability Transparency Act (DATA); establishes certain requirements for disclosure and processing of personally identifiable information; establishes Office of Data Protection and Responsible Use in Division of Consumer Affairs.
|
Comprehensive; Biometrics or Facial Recognition
|
|
New Jersey
|
A 1905
|
Public Awareness of Privacy Laws
|
Pending
|
Requires Department of Human Services to take action to raise public awareness of privacy laws that prevent disclosure of health care enrollment information to immigration authorities.
|
Other Consumer Privacy
|
|
New Jersey
|
A 2184
|
Data Brokers Registration
|
Pending
|
Requires registration of data brokers; prohibits brokering of certain health records.
|
Information Brokers
|
|
New Jersey
|
A 2419
|
Mobile Service Provider Third Party Restrictions
|
Pending
|
Prohibits providers of commercial mobile service and developers of mobile application from disclosing customer's global position system data to third parties under certain circumstances.
|
Location Privacy
|
|
New Jersey
|
A 2469
|
Cloud Computing Service School Data
|
Pending
|
Prohibits cloud computing service providers from disclosing data collected from public, private, or charter schools.
|
Other Consumer Privacy
|
|
New Jersey
|
A 2584
|
Commercial Internet Websites Consumer Information
|
Failed
|
Requires notification to consumers of collection and disclosure of personal data by certain entities.
|
Internet Privacy
|
|
New Jersey
|
A 2948
|
Real Time Access to Motor Vehicle Data
|
Pending
|
Requires vehicle manufacturers to provide real-time access to motor vehicle data to vehicle owners and representatives.
|
Location Privacy; Connected Devices
|
|
New Jersey
|
A 3591
|
Tracking and Location Activities
|
Pending
|
Creates a fourth-degree crime to engage in certain tracking and location activities.
|
Location Privacy
|
|
New Jersey
|
A 3859
|
Rental Car Company Notice
|
Pending
|
Provides that a rental car company shall provide notice advising renters to unpair personal devices from a rented vehicle and to delete their personal information from the motor vehicles computer system upon returning the vehicle to the rental car company; provides that the notice shall be posted at the return area of a rental car company’s premises; provides that the notice also may be posted on the rental car company’s website or in the rental agreement; specifies civil penalties for violations.
|
Connected Devices; Other Consumer Privacy; Location Privacy
|
|
New Jersey
|
A 4146
|
Online Material Age Verification Requirements
|
Pending
|
Requires entities to verify age of persons accessing certain online material and prohibits minors from accessing certain online material.
|
Online Children’s Privacy
|
|
New Jersey
|
A 4314
|
Reproductive Health Care Services Personal Data
|
Pending
|
Expands definition of personal data to include use of reproductive health care services and prohibits collection of reproductive health care prescription drugs from Prescription Monitoring Program.
|
Other Consumer Privacy
|
|
New Jersey
|
A 5017
|
Insurance Support Organizations Personal Data
|
Pending
|
Exempts certain personal information collected by insurance support organizations from certain requirements concerning notification and disclosure of personal data.
|
Comprehensive
|
|
New Jersey
|
S 332
|
New Jersey Data Privacy
|
Enacted
|
Requires notification to consumers of collection and disclosure of personal data by certain entities.
|
Comprehensive
|
|
New Jersey
|
S 549
|
Tracking Devices and Tracking Applications
|
Pending
|
Makes it a fourth degree crime to engage in certain tracking and location activities; concerns electronic tracking devices and tracking applications.
|
Location Privacy
|
|
New Jersey
|
S 968
|
Facial Recognition Technology Uses
|
Pending
|
Prohibits use of facial recognition technology on consumers expect for legitimate safety purposes.
|
Biometrics or Facial Recognition
|
|
New Jersey
|
S 1139
|
Real Time Access to Motor Vehicle Data
|
Pending
|
Requires vehicle manufacturers to provide real time access to motor vehicle data to vehicle owners and representatives.
|
Connected Devices
|
|
New Jersey
|
S 1389
|
Consumer Notification and Personal Data Disclosure
|
Failed
|
Requires notification to consumers of collection and disclosure of personal data by certain entities; concerns online services, consumers, and personal data.
|
Comprehensive
|
|
New Jersey
|
S 1959
|
Children Data Protection Commission
|
Pending
|
Concerns social media privacy and data management for children and establishes the state Children's Data Protection Commission.
|
Online Children’s Privacy; Studies
|
|
New Jersey
|
S 2052
|
Personal Identifiable Information Disclosures
|
Pending
|
Regards the New Jersey Disclosure and Accountability Transparency Act (NJ DATA); establishes certain requirements for disclosure and processing of personally identifiable information; establishes Office of Data Protection and Responsible Use in Division of Consumer Affairs.
|
Comprehensive
|
|
New Jersey
|
S 2112
|
Individually Identifiable Health Information
|
Pending
|
Prohibits teaching staff members from inputting information and conversations regarding individually identifiable health information into third party software applications managed by entities engaging in partisan political activity.
|
Other Consumer Privacy
|
|
New Jersey
|
S 2349
|
Data Brokers
|
Pending
|
Requires registration of data brokers and prohibits brokering of certain health records.
|
Information Brokers
|
|
New Jersey
|
S 2845
|
Rental Car Customer Information
|
Pending
|
Requires rental car company to delete personal information of customer from motor vehicle computer system upon return of vehicle.
|
Connected Devices; Other Consumer Privacy
|
|
New Jersey
|
S 3027
|
Social Care Information Use
|
Pending
|
Regulates use of social care information. Prohibits a participating organization to not sell or license social care information that is stored in or transmitted through a closed-loop referral system.
|
Other Consumer Privacy
|
|
New Jersey
|
S 3181
|
Biometric Identifier Information Collection
|
Pending
|
Prohibits collection of biometric identifier information by public or private entity under certain circumstances.
|
Biometrics or Facial Recognition
|
|
New Jersey
|
S 3182
|
Business Biometric Surveillance Systems
|
Pending
|
Prohibits use of biometric surveillance system by business entity under certain circumstances.
|
Biometrics or Facial Recognition
|
|
New Jersey
|
S 3491
|
Legally Protected Health Care Activities
|
Pending
|
Secures protections for patients and providers accessing and providing legally protected health care activities; establishes right of residents to legally protected health care services, which are restricted in other states.
|
Biometrics or Facial Recognition
|
|
New Jersey
|
S 3493
|
Reproductive Health Care Medical Information
|
Pending
|
Requires affirmative written consent for certain entities to disclose individual's medical information regarding reproductive health care services, with limited exceptions, unless disclosure is necessary to provide those services.
|
Biometrics or Facial Recognition
|
|
New Mexico
|
H 295
|
Protection of Minors from Harmful Material
|
Failed - Adjourned
|
Relates to protection of minors from harmful material.
|
Children’s Online Privacy
|
|
New Mexico
|
S 68
|
Age Appropriate Design Code Act
|
Failed - Adjourned
|
Relates to Age Appropriate Design Code Act.
|
Children’s Online Privacy
|
|
New York
|
A 48
|
Multiple Dwelling Law
|
Pending
|
Amends the multiple dwelling law and the multiple residence law, in relation to the use of smart access systems and the information that may be gathered from such systems.
|
Biometrics or Facial Recognition; Other Consumer Privacy; Location Privacy
|
|
New York
|
A 322
|
Use of a Facial Recognition System by Landlord
|
Pending
|
Prohibits the use of a facial recognition system by a landlord on any residential premises.
|
Biometrics or Facial Recognition
|
|
New York
|
A 417
|
Disclosure of Personal Information by Businesses
|
Pending
|
Restricts the disclosure of personal information by businesses; provides that a business that retains a customer's personal information shall make available to the customer free of charge access to, or copies of, all the customer's personal information retained by the business.
|
Comprehensive
|
|
New York
|
A 423
|
Sharing of Personal Identifiable Information
|
Pending
|
Requires consent prior to sharing personally identifiable information to a data dashboard operator with third party contractors.
|
Online Children’s Privacy
|
|
New York
|
A 1362
|
Biometric Privacy Act
|
Pending
|
Establishes the Biometric Privacy Act; requires private entities in possession of biometric identifiers or biometric information to develop a written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three years of the individual's last interaction with the private entity, whichever occurs first.
|
Biometrics or Facial Recognition
|
|
New York
|
A 1731
|
Insurer Demands for Personal and Financial Information
|
Pending
|
Restricts insurers from demanding intrusive personal, financial and tax information from insureds as a standard practice in processing ordinary theft claims where no special circumstances warranting a demand for such information exists.
|
Other Consumer Privacy
|
|
New York
|
A 4983
|
New York Health Information Privacy Act
|
Pending
|
Amends the general business law, in relation to providing for the protection of health information.
|
Other Consumer Privacy
|
|
New York
|
A 8149
|
Child Data Protection Act
|
Pending
|
Establishes the New York Child Data Protection Act.
|
Online Children’s Privacy
|
|
New York
|
A 8853
|
Use of Biometric Identifying Technology in Schools
|
Pending
|
Prohibits the use of biometric identifying technology in schools for any reason other than specified purposes.
|
Biometrics or Facial Recognition
|
|
New York
|
A 9616
|
Vehicle Manufacturers
|
Enacted
|
Relates to remote vehicle technology and domestic violence victims; provides that a request by a driver that a vehicle manufacturer and/or dealer terminate an individual’s access to remote vehicle technology shall include specified information, including proof of such drivers legal possession of a vehicle manufactured by such vehicle manufacturer or sold by such dealer and a written attestation that the person making such request is a victim of domestic violence.
|
Connected Devices
|
|
New York
|
A 9924
|
Rental Vehicles
|
Pending
|
Requires rental vehicle company to include in the car rental agreement a clause instructing the renter to remove their personal information from vehicles before returning the vehicle and have the option to place inside all rental vehicles a decal instructing renters to remove their personal information from the vehicle before returning the vehicle.
|
Connected Devices
|
|
New York
|
A 10029
|
Motor Vehicle Manufacturers
|
Pending
|
Prohibits motor vehicle manufacturers from using or disclosing to a third party any data regarding the driving behavior of consumers for use by a motor vehicle insurer.
|
Connected Devices
|
|
New York
|
A 10067
|
Court Order Regarding Connected Devices
|
Pending
|
Provides that upon motion and after an opportunity to be heard, a court may order the defendant in a family offense proceeding to turn control of a connected device over to a family or household member or, if that is not possible, to have such connected device disabled by the manufacturer.
|
Internet Privacy
|
|
New York
|
A 10125
|
Access to Patient Clinical Records
|
Pending
|
Allows direct descendants of a patient who has been deceased for a period of 50 years or longer to access such patient's clinical records.
|
Other Consumer Privacy
|
|
New York
|
A 10392
|
Sharing or Selling Personal Data to Third Parties
|
Pending
|
Prohibits sharing or selling personal data to third parties by government entities and contractors.
|
Other Consumer Privacy
|
|
New York
|
S 158
|
New York Health Information Privacy Act
|
Pending
|
Provides that, in general, it shall be unlawful for a regulated entity to, among other things, sell an individuals regulated health information to a third party, or otherwise process an individuals regulated health information unless under certain conditions, including but not limited to protecting against malicious, fraudulent, or illegal activity and detecting, responding to, or preventing security incidents or threats; provides that the attorney general may bring an action for violations.
|
Information Brokers; Location Privacy; Other Consumer Privacy
|
|
New York
|
S 365
|
Privacy Act
|
Pending
|
Relates to the management and oversight of personal data; relates to enacting the New York Privacy Act.
|
Information Brokers; Comprehensive
|
|
New York
|
S 507
|
Wellness Program Privacy Act
|
Pending
|
Establishes the Wellness Program Privacy Act; requires employers and insurers to take certain measures to protect the security of wellness program participants' private information.
|
Other Consumer Privacy
|
|
New York
|
S 514
|
Manufacturers of Smart Speakers
|
Pending
|
Requires manufacturers of smart speakers to obtain signed written permission from users before storing voice recordings.
|
Connected Devices
|
|
New York
|
S 1298
|
Use of Voice Recognition Features on Products
|
Pending
|
Provides that a person or entity shall not provide the operation of a voice recognition feature within this state without prominently informing, during the initial setup or installation of a connected device, either the user or the person designated by the user to perform the initial setup or installation of the connected device of the functions of the device, that the device may be recording the user, and that the entity that makes the device may be retaining these recordings.
|
Connected Devices
|
|
New York
|
S 2078
|
Use of Electronic or Computerized Entry Systems
|
Pending
|
Relates to the use of smart access systems and the information that may be gathered from such systems; provides that where an owner installs or plans to install a smart access system on any entrance from the street, passageway, court, yard, cellar, or other common area of a class a multiple dwelling, such system shall not rely solely on a web-based application to facilitate entrance but shall also include a key fob, key card, digital key or passcode for tenant use.
|
Biometrics or Facial Recognition
|
|
New York
|
S 3163
|
Disclosure of Personal Information by Businesses
|
Pending
|
Restricts the disclosure of personal information by businesses; provides that a business that retains a customer's personal information shall make available to the customer free of charge access to, or copies of, all the customer's personal information retained by the business.
|
Comprehensive; Other Consumer Privacy
|
|
New York
|
S 4457
|
Biometric Privacy Act
|
Pending
|
Establishes the Biometric Privacy Act; requires private entities in possession of biometric identifiers or biometric information to develop a written policy establishing a retention schedule and guidelines for permanently destroying biometric identifiers and biometric information when the initial purpose for collecting or obtaining such identifiers or information has been satisfied or within three years of the individual's last interaction with the private entity, whichever occurs first.
|
Biometrics or Facial Recognition
|
|
New York
|
S 5505
|
Crime of Stalking in the Fourth Degree
|
Pending
|
Redefines the term following for a crime of stalking in the fourth degree to include the use of certain devices or computers to gain access to, record, track or report the movement or location of a person or their property without the person's permission or authority to do so.
|
Location Privacy
|
|
New York
|
S 7695
|
Child Data Protection Act
|
Enacted
|
Provides that an operator shall not process, or allow a processor to process, the personal data of a covered user collected through the use of a website, online service, online application, mobile application, or connected device, or allow a third-party operator to collect the personal data of a covered user collected through the operators website, online service, online application, mobile application, or connected device, with certain exceptions.
|
Online Children’s Privacy
|
|
New York
|
S 7851
|
Deletion of Consumer Financial Information
|
Pending
|
Requires a business to delete a consumer's financial information after cancellation of an automatic renewal or continuous service, unless such consumer has affirmatively consented to retention of such financial information; requires such business to notify such consumer of such deletion.
|
Other Consumer Privacy
|
|
New York
|
S 7879
|
Commissioner of Health
|
Pending
|
Provides that the commissioner of health shall require any health information system or electronic health record system that electronically stores or maintains medical information, electronic health records, personal health records, health care claims, payment and other administrative data to develop capabilities, policies, and procedures to segregate health information related to, among others, reproductive health, gender-affirming care, diagnosis and treatment of STIs or HIV, and mental health services.
|
Other Consumer Privacy
|
|
New York
|
S 7907
|
Commission to Study EU Protection Data Regulation
|
Pending
|
Establishes a commission to study the European Union's general protection data regulation and the current state of cyber security in the state.
|
Studies
|
|
New York
|
S 8209
|
Artificial Intelligence Bill of Rights
|
Pending
|
Enacts the state Artificial Intelligence Bill of Rights to provide residents of the state with rights and protections to ensure that any system making decisions without human intervention impacting their lives do so lawfully, properly, and with meaningful oversight.
|
Other Consumer Privacy
|
|
New York
|
S 8601
|
Mandatory Iris and Retina Scanning of Employees
|
Pending
|
Amends the Labor Law; prohibits fingerprinting or mandatory iris and retina scanning of employees; provides that, with certain exceptions, no person, as a condition of securing employment or of continuing employment, shall be required to be fingerprinted or undergo mandatory iris and retina scanning.
|
Biometrics or Facial Recognition
|
|
New York
|
S 9174
|
Remote Vehicle Technology and Domestic Violence Victims
|
Pending
|
Provides that a vehicle manufacturer or dealer located in the state shall terminate an individual’s access to remote vehicle technology under certain circumstances; provides that such request shall include specified information, including, among other things, a vehicle title and a written attestation that the person making such request is a victim of domestic violence; provides civil penalties for violations.
|
Connected Devices; Location Privacy
|
|
New York
|
S 9284
|
Rental Vehicles
|
Pending
|
Requires rental vehicles have any personal information removed from the vehicle once returned.
|
Connected Devices;
|
|
New York
|
S 9540
|
Data Brokers
|
Pending
|
Prohibits data brokers from selling the personal information of current and former military servicemembers or their households without consent.
|
Information Brokers
|
|
North Carolina
|
None
|
|
|
n/a
|
|
|
North Dakota
|
No regular 2024 session
|
|
|
n/a
|
|
|
Ohio
|
H 49
|
Availability of Hospital Price Information
|
Pending
|
Regards facility fees and the availability of hospital price information. Prohibits a hospital to use, sell, or process personal data acquired from the use of the hospital's internet-based price estimator tool by a person in this state for the purposes of targeted advertising.
|
Other Consumer Privacy
|
|
Ohio
|
H 450
|
Prohibit Certain Offenses with Unmanned Aerial Vehicle
|
Pending
|
Prohibits voyeurism, criminal trespass, and aggravated criminal trespass using an unmanned aerial vehicle system.
|
Location Privacy
|
|
Ohio
|
S 212
|
Pornographic Material Distribution
|
Pending
|
Prohibits businesses from distributing pornographic material over the internet without verifying that the persons accessing that material are not juveniles.
|
Online Children’s Privacy
|
|
Oklahoma
|
H 3008
|
Crimes and Punishments
|
Failed - Adjourned
|
Relates to crimes and punishments; defines terms; makes commercial entities liable for publishing or distributing material harmful to minors under certain circumstances; prohibits commercial entities from retaining identifying information; provides for damages, court costs, and reasonable attorney fees; provides exceptions; provides for codification; provides an effective date.
|
Online Children’s Privacy
|
|
Oklahoma
|
H 3097
|
Crimes and Punishments
|
Failed - Adjourned
|
Relates to crimes and punishments; defines terms; makes commercial entities liable for publishing or distributing obscene material on the internet; provides internet and cellular service subscribers the opportunity to make certain request; requires commercial entities to block access without charge; establishes liability provisions for violations; provides exemptions from liability; prohibits the retention of identifying information.
|
Online Children’s Privacy
|
|
Oklahoma
|
H 3277
|
Student Digital Safety and Awareness Act
|
Failed - Adjourned
|
Relates to schools; relates to boards of education; relates to policies; relates to platform; relates to date collection. Requires public school boards of education to adopt and implement digital safety policies to enhance digital safety measures at school and utilize the vendor selected pursuant to subsection E of this section to provide a digital monitoring platform to ensure compliance.
|
Other Consumer Privacy
|
|
Oklahoma
|
H 3647
|
Biometric Information Privacy Act
|
Failed - Adjourned
|
Relates to biometric information; creates the Biometric Information Privacy Act; provides definitions; directs private entities to develop policy; provides guidelines for policy; directs that certain actions be taken by private entities before obtaining biometric identifiers or information; prohibits certain uses of biometric information; prohibits certain dissemination of biometric information; provides exceptions; mandates that private entities follow certain standards in handling biometric identifiers.
|
Biometrics or Facial Recognition
|
|
Oklahoma
|
H 3914
|
Reasonable Age Verification
|
Failed - Adjourned
|
Relates to social media; defines terms; requires reasonable age verification; requires parental consent; establishes certain liability for social media companies; establishes certain liability for commercial entities and third-party vendors; provides for codification; provides an effective date.
|
Online Children’s Privacy
|
|
Oklahoma
|
S 1868
|
Consumer Protection
|
Failed - Adjourned
|
Relates to consumer protection; prohibits any website from requiring identity verification; provides for violation; provides for codification; provides an effective date.
|
Internet Privacy
|
|
Oklahoma
|
S 1959
|
Consumer Protection
|
Enacted
|
Relates to consumer protection; defines terms; allows for damages to be sought under certain conditions; prohibits commercial entities from distributing certain material without verification; provides for lawful access to certain material; prevents a commercial entity from being held liable under certain conditions; prohibits a commercial entity from retaining individual's information; exempts certain providers; requires attorney general to take certain action.
|
Comprehensive
|
|
Oklahoma
|
S 1960
|
Material Harmful To Minors
|
Failed - Adjourned
|
Relates to material harmful to minors; relates to definitions; updates statutory references; updates statutory language; directs commercial entities to establish age verification methods to prevent minors from accessing harmful material; prohibits retention of certain identifying information; establishes certain liability; provides specific exceptions; provides for codification; provides an effective date.
|
Online Children’s Privacy
|
|
Oregon
|
None
|
|
|
|
|
|
Pennsylvania
|
H 416
|
Stalking
|
Pending
|
Relates to assault; provides for the offense of stalking; specifies when a person commits the crime of stalking; provides that a person commits the offense of unauthorized location tracking when the person installs or places a technological device or causes the technological device to be placed on the person or property of another person to determine or monitor the location or movement of another person; provides exceptions for certain law enforcement officers.
|
Location Privacy
|
|
Pennsylvania
|
H 1201
|
Consumer Data Privacy Act
|
Pending
|
Provides for consumer data privacy, for duties of controllers, and for duties of processors; provides for penalties, enforcement, and private rights of action; provides that beginning on specified date and a specified number of months from that date, the attorney general shall, prior to initiating an action for a violation of a provision of the Consumer Data Privacy Act, issue a notice of violation to the controller or processor if the attorney general determines that a cure is possible.
|
Comprehensive
|
|
Pennsylvania
|
H 1879
|
Online Safety Protection Act
|
Pending
|
Provides for the duties of covered entities to protect the best interests of children that use online services, products or features; provides for data protection impact assessments; prohibits certain actions by covered entities; imposes civil penalties; defines, among other terms, the best interests of children as the use of the personal data of children or the design of the online product in a way that will not infringe on a child's access to information.
|
Online Children’s Privacy
|
|
Pennsylvania
|
H 1947
|
Consumer Data Privacy
|
Pending
|
Provides for consumer data privacy, for rights of consumers and duties of businesses relating to the collection of personal information, and for duties of the attorney general.
|
Comprehensive
|
|
Pennsylvania
|
H 2017
|
Protection of Minors on Social Media
|
Pending
|
Provides for the protection of minors on social media; provides that a social media platform that conducts business in the commonwealth shall provide and maintain a clear and easily accessible mechanism for individual users to report incidents of hateful conduct; provides that the mechanism shall meet specified criteria, including that it is clearly accessible to users of the social media platform and easily accessed from other social media platforms applications and internet websites.
|
Online Children’s Privacy
|
|
Pennsylvania
|
H 2627
|
Consumer Genetic Testing Companies
|
Pending
|
Provides for duties of direct-to-consumer genetic testing companies and for prohibition on disclosure of genetic data of consumers; imposes civil penalties.
|
Genetic Privacy
|
|
Pennsylvania
|
HR 289
|
Recognition Resolution
|
Adopted
|
Recognizes a specified week as Data Privacy Week.
|
|
|
Pennsylvania
|
S 342
|
School Safety Practices
|
Pending
|
Amends the Public School Code; provides for school safety practices and for student online personal data safety practices; imposes penalties; makes an appropriation; makes editorial changes.
|
Other Consumer Privacy
|
|
Pennsylvania
|
S 1279
|
Consumer Data Privacy
|
Pending
|
Provides for consumer data privacy, for duties of controllers and for duties of processors; imposes penalties.
|
Comprehensive
|
|
Puerto Rico
|
H 262
|
Cyber Privacy Protection Law
|
Enacted
|
Creates the Law for the Protection of Cyber Privacy of Our Children and Young People in order to prohibit any operator, employee or agent of an internet page classified as a social network, as defined herein, from publishing and or disclose personal information of underage users residing in Puerto Rico, beyond the name and city where they reside, without the express consent of these and that of the father, mother or guardian with parental authority.
|
Online Children’s Privacy; Internet Privacy
|
|
Puerto Rico
|
H 1243
|
Technological Device
|
Enacted
|
Relates to technological device; establishes, as an aggravating circumstance to the penalty corresponding to the crime of mistreatment, the use, at except for one occasion, any technological device to determine or monitor the location or movement of a person, or their private property, without the prior express authorization of said person.
|
Location Privacy
|
|
Rhode Island
|
H 7787
|
Rhode Island Data Transparency and Privacy Protect Act
|
Enacted
|
Creates the Rhode Island Data Transparency and Privacy Protect Act for data privacy protections for the personal data of the citizens, requiring any person or entity that processes personal data to identify all categories of information the controller collects, when the controller may disclose such information, how a customer may exercise their consumer rights, the purpose for processing the personal data, categories of personal data share with a third party, and means to contact the controller.
|
Comprehensive
|
|
Rhode Island
|
H 7798
|
Stalking a Misdemeanor Crime
|
Pending
|
Makes it a misdemeanor to harass another person by following them and using an electronic device to record their movements in any public or private place.
|
Location Privacy
|
|
Rhode Island
|
S 2145
|
Student Computer Device Privacy
|
Pending
|
Prohibits an educational institution or school district from accessing any audio or video recording, transmitting or recording function on a student’s institutional or personal device or using location data for tracking a student’s institutional device or personal device, or allow a third party to do so, except in limited circumstances.
|
Student; Location Privacy
|
|
Rhode Island
|
S 2500
|
Data Transparency and Privacy Protection Act
|
Enacted
|
Creates the Rhode Island Data Transparency and Privacy Protect Act for data privacy protections for the personal data of the citizens, requiring any person or entity that processes personal data to identify all categories of information the controller collects, when the controller may disclose such information, how a customer may exercise their consumer rights, the purpose for processing the personal data, categories of personal data share with a third party, and means to contact the controller.
|
Comprehensive
|
|
Rhode Island
|
S 2945
|
Confidentiality of Health Care Communications
|
Pending
|
Amends provisions relative to confidentiality of health care communications and the process for requesting records and/or confidential health care information; takes effect upon passage.
|
Other Consumer Privacy
|
|
South Carolina
|
H 3424
|
Pornographic Website Provision
|
Enacted
|
Provides that it is unlawful for an operator to make a pornographic website available to persons under the specified age; provides that the attorney general shall create certain procedures.
|
Online Children’s Privacy
|
|
South Carolina
|
H 4541
|
Child Data Privacy and Protection Act
|
Failed - Adjourned
|
Provides definitions; provides for certain data protection impact assessments; provides that certain entities may not collect, retain, process, or sell certain personal data; provides that certain entities shall utilize privacy by default; provides that users must have access to their accounts; provides that certain civil and criminal subpoenas and warrants must be expedited; provides that privacy policies must be prominently displayed; provides for methods for notifications.
|
Online Children’s Privacy; Comprehensive
|
|
South Carolina
|
H 4700
|
Social Media Company Restriction to Minor Users
|
Failed - Adjourned
|
Provides that a social media company may not permit certain minors to be account holders; specifies requirements for such companies; provides that a social media company shall provide certain parents or guardians with certain information; provides that a social media company shall restrict social media access to minors during certain hours; provides that the Consumer Services Division has authority to administer and enforce certain requirements; provides that that certain waivers and limitations are void.
|
Online Children’s Privacy
|
|
South Carolina
|
H 4842
|
Design Code Act
|
Failed - Adjourned
|
Relates by enacting the South Carolina Age-Appropriate Design Code Act; provides definitions; provides for information fiduciary; provides scope and exclusions; provides requirements for covered entities; provides for prohibitions for covered entities; provides for data practices; provides for enforcement; provides for limitations.
|
Online Children’s Privacy
|
|
South Dakota
|
H 1257
|
Minors' Access To Pornographic Material Study Committee
|
Failed - Adjourned
|
Requires the Executive Board of the Legislative Research Council to establish an interim study committee on minors' access to pornographic material.
|
Online Children’s Privacy; Studies
|
|
Tennessee
|
H 965
|
Banks and Financial Institutions
|
Failed - Adjourned
|
Prohibits a financial institution from releasing or providing the account balance or transaction activity of an account to a person without first obtaining the account holder's express permission or without a warrant issued by a judicial officer located in the state.
|
Location Privacy
|
|
Tennessee
|
H 1614
|
Consumer Protection
|
Failed - Adjourned
|
Enacts the Protect Tennessee Minors Act; requires an individual or commercial entity that publishes or distributes in the state a website that contains a substantial portion of material harmful to minors perform reasonable age-verification methods to verify the age of individuals attempting to access the material; specifies that a violation of age-verification or data retention requirements is a class C felony.
|
Online Children’s Privacy
|
|
Tennessee
|
H 1837
|
Student Information
|
Enacted
|
Provides that a public institution of higher learning that holds personal information of students, including, but not limited to, names, campus, home, or email addresses, telephone numbers, or other identifying information, shall not share the personal information with a third party that has contracted with the public institution to input personal information of students for administrative purposes, unless the contractor agrees in writing that the personal information will only be used for certain purposes.
|
Other Consumer Privacy
|
|
Tennessee
|
H 1891
|
Protecting Children from Social Media Act
|
Enacted
|
Creates the Protecting Children from Social Media Act; provides that a social media company shall verify the age of an individual who attempts to become an account holder, at the time the individual attempts to become an account holder; provides that if the individual is a minor, then the social media company must verify the express parental consent for the minor to become an account holder.
|
Online Children’s Privacy
|
|
Tennessee
|
H 1949
|
Criminal Offenses
|
Failed - Adjourned
|
Expands the offense of observation without consent to include a person or entity that adopts rules or enforces a policy or other work-related guidance for employees or contractors to promote or assist in the commission of observation without consent in a place where there is a reasonable expectation of privacy, including a restroom, locker room, dressing room, or shower, designated for multi-person, single sex use.
|
Other Consumer Privacy
|
|
Tennessee
|
H 2160
|
Consumer Protection
|
Failed - Adjourned
|
Requires a commercial entity that knowingly publishes or distributes on the internet material harmful to minors to provide internet or cellular service subscribers the opportunity to request that the commercial entity block website access through the subscriber's internet or cellular service subscription.
|
Online Children’s Privacy
|
|
Tennessee
|
H 2615
|
Consumer Protection
|
Failed - Adjourned
|
Creates the Motor Vehicle Consumer Privacy Act of 2024.
|
Connected Devices
|
|
Tennessee
|
S 1643
|
Consumer Protection
|
Failed - Adjourned
|
Relates to consumer protection; requires commercial entities that publish or distribute material on an internet website, more than one-third of which is sexual material harmful to minors, to verify that an individual attempting to access the material is of certain age or older; prohibits a commercial entity or a third party that performs the age verification from retaining any identifying information of the individual.
|
Online Children’s Privacy
|
|
Tennessee
|
S 1658
|
Consumer Protection
|
Failed - Adjourned
|
Relates to consumer protection; requires certain data controllers to register with the consumer protection division of the office of the attorney general and reporter; requires the division to create and maintain a website and accessible deletion mechanism that a consumer can use to make a single deletion request that is binding on all controllers registered with the division; makes other related changes.
|
Comprehensive
|
|
Tennessee
|
S 1745
|
Higher Education
|
Failed - Adjourned
|
Prohibits a public institution of higher learning that holds personal information of students from sharing the personal information with a third party, unless the third party agrees in writing that the personal information will only be used for the purpose for which information is originally requested.
|
Other Consumer Privacy
|
|
Tennessee
|
S 1792
|
Protect Tennessee Minors Act
|
Enacted
|
Provides that an individual or commercial entity that publishes or distributes in the state a website that contains a substantial portion of content harmful to minors is liable if the individual or commercial entity does not verify, using a reasonable age-verification method, the age of each active user attempting to access its website or verify, using a reasonable age-verification method, and the age of an active user attempting to access its website again after completion of an age-verified session.
|
Online Children’s Privacy
|
|
Tennessee
|
S 2042
|
Consumer Protection
|
Failed - Adjourned
|
Requires a commercial entity that knowingly publishes or distributes on the internet material harmful to minors to provide internet or cellular service subscribers the opportunity to request that the commercial entity block website access through the subscriber's internet or cellular service subscription.
|
Online Children’s Privacy
|
|
Tennessee
|
S 2097
|
Protecting Children from Social Media Act
|
Failed - Adjourned
|
Creates the Protecting Children from Social Media Act.
|
Online Children’s Privacy
|
|
Tennessee
|
S 2858
|
Consumer Protection
|
Failed - Adjourned
|
Creates the Motor Vehicle Consumer Privacy Act of 2024.
|
Connected Devices
|
|
Texas
|
No regular 2024 session
|
|
|
n/a
|
|
|
Utah
|
H 342
|
Electronic Information Privacy Amendments
|
Failed
|
Modifies provisions dealing with consumers' personal information.
|
Other Consumer Privacy
|
|
Utah
|
H 484
|
Nonprofit Entity Amendments
|
Enacted
|
Modifies provisions related to disclosure of nonprofit entity related personal information by public agencies; modifies definitions; clarifies the individuals about whom personal information may not be disclosed; amends the exemptions from the prohibition of disclosing personal information; addresses damages; makes technical and conforming amendments.
|
Other Consumer Privacy
|
|
Utah
|
S 149
|
Artificial Intelligence Amendments
|
Enacted
|
Creates the Artificial Intelligence Policy Act; establishes liability for use of AI that violates consumer protection laws if not properly disclosed; creates the Office of Artificial Intelligence Policy and a regulatory AI analysis program; enables temporary mitigation of regulatory impacts during AI pilot testing; establishes the Artificial Intelligence Learning Laboratory Program to assess technologies, risks, and policy.
|
Other Consumer Privacy
|
|
Utah
|
S 194
|
Social Media Regulation Amendments
|
Enacted
|
Relates to the Utah Minor Protection in Social Media Act; requires social media companies to verify a new account holder's age using an approved system; requires a social media service to enable maximum default privacy settings on a state minor account holder's account, provide supervisory tools and verifiable parental consent mechanisms on a state minor account holder's account, and provide confidentiality protections for minors data; establishes the Division of Consumer Protections enforcement powers.
|
Online Children’s Privacy
|
|
Utah
|
S 215
|
Motor Vehicle Consumer Data Protection
|
Enacted
|
Enacts provisions related to motor vehicle consumer data protection; enacts provisions related to storing, sharing, and accessing motor vehicle consumer data.
|
Connected Devices
|
|
Utah
|
S 232
|
Minor Data Protection Amendments
|
Failed
|
Modifies the Protection of Personal Information Act.
|
Online Children’s Privacy
|
|
Vermont
|
H 121
|
Consumer Privacy
|
Vetoed
|
Relates to enhancing consumer privacy.
|
Biometrics or Facial Recognition; Information Brokers; Comprehensive
|
|
Vermont
|
H 712
|
Age Appropriate Design Code
|
Failed - Adjourned
|
Relates to age-appropriate design code.
|
Online Children’s Privacy
|
|
Vermont
|
H 789
|
Data Trust Study Committee
|
Failed - Adjourned
|
Relates to establishing the data trust study committee.
|
Studies
|
|
Vermont
|
S 173
|
Consumer Health Data
|
Failed - Adjourned
|
Relates to the collection, sharing, and selling of consumer health data.
|
Location Privacy; Other Consumer Privacy
|
|
Vermont
|
S 269
|
Consumer Privacy
|
Failed - Adjourned
|
Relates to enhancing consumer privacy.
|
Biometrics or Facial Recognition; Comprehensive
|
|
Vermont
|
S 289
|
Age Appropriate Design Code
|
Failed - Adjourned
|
Relates to age-appropriate design code.
|
Online Children’s Privacy
|
|
Virginia
|
H 78
|
Search Warrants
|
Enacted
|
Relates to search warrants; relates to menstrual health data prohibited; prohibits the issuance of a search warrant for the search and seizure of menstrual health data stored on a computer, computer network, or other device containing electronic or digital information.
|
Other Consumer Privacy
|
|
Virginia
|
H 707
|
Consumer Data Protection Act
|
Enacted
|
Relates to Consumer Data Protection Act; relates to protections for children; relates to data protection assessments.
|
Online Children’s Privacy; Comprehensive; Location Privacy
|
|
Virginia
|
H 821
|
Consumer Data Protection Act
|
Failed
|
Relates to Consumer Data Protection Act; relates to protections for children; requires a controller or processor to obtain verifiable parental consent, defined in the bill, prior to registering any child with the operator's product or service or before collecting, using, or disclosing such child's personal data and prohibits a controller from knowingly processing the personal data of a child for purposes of targeted advertising, the sale of such personal data, or profiling in furtherance of decisions.
|
Online Children’s Privacy; Comprehensive
|
|
Virginia
|
H 877
|
Virginia Social Media Regulation Act
|
Failed
|
Relates to Virginia Social Media Regulation Act established; relates to penalties; establishes the Virginia Social Media Regulation Act for the purpose of prohibiting minors in state from possessing an account on any social media platform without the express consent of a parent or guardian; requires a social media company to provide a minor's parent or guardian with access to the minor's account and all posts and information on such account.
|
Online Children’s Privacy
|
|
Virginia
|
H 1094
|
Department of Education
|
Failed
|
Relates to Department of Education; relates to school boards; relates to student online activity; relates to data collection, monitoring, and restrictions.
|
Other Consumer Privacy
|
|
Virginia
|
H 1115
|
Consumer Data Protection Act
|
Failed
|
Relates to Consumer Data Protection Act; relates to social media platforms; prohibits a person that operates a social media platform that has knowledge that a user of the social media platform is a child under the age of 18 from implementing certain practices, designs, and features of the social media platform for any interaction with such child that includes infinite scroll, auto-playing videos, push notifications, gamification, and virtual gifts.
|
Online Children’s Privacy
|
|
Virginia
|
H 1161
|
Consumer Data Protection Act
|
Failed
|
Relates to Consumer Data Protection Act; relates to social media; relates to parental consent; requires social media platforms, defined in the bill, that are subject to the provisions of the Children's Online Privacy Protection Act to obtain verifiable parental consent prior to permitting any minor to create an account with such social media platform and, with such account, use the social media platform; provides that the bill requires such social media platforms to give the parent or guardian.
|
Online Children’s Privacy
|
|
Virginia
|
H 1359
|
Search Warrants
|
Failed
|
Relates to search warrants; provides that menstrual health data is prohibited.
|
Other Consumer Privacy
|
|
Virginia
|
H 1468
|
Consumer Data Protection Act
|
Failed - Adjourned
|
Relates to Consumer Data Protection Act; relates to enforcement by the attorney general; relates to civil penalty; permits the attorney general to prohibit TikTok from being available to known minors in the commonwealth; provides that a civil penalty of specified amount may be assessed for violations by TikTok unless such website or application could not have reasonably known or have had reason to know of such operation in the commonwealth.
|
Online Children’s Privacy
|
|
Virginia
|
H 1539
|
Abortion or Other Reproductive Health Care Services
|
Vetoed
|
Relates to abortion or other reproductive health care services; relates on prohibitions on extradition for certain crimes; prohibits practices under Virginia Consumer Protection Act.
|
Other Consumer Privacy
|
|
Virginia
|
S 16
|
Court Orders
|
Enacted
|
Relates to search warrants, subpoenas, court orders, or other process; relates to menstrual health data prohibited; provides that no search warrant, subpoena, court order, or other process shall be issued, executed, or served for the purpose of the search and seizure or production of menstrual health data, including data stored on a computer, computer network, or other device containing electronic or digital information.
|
Other Consumer Privacy
|
|
Virginia
|
S 252
|
Consumer Data Protection Act
|
Failed
|
Relates to the Consumer Data Protection Act; relates to a controller privacy notice; relates to cookies; relates to consumer consent; requires the privacy notice that a controller must provide to consumers to include a method by which a consumer may opt out of the automatic placement of a data file, commonly referred to as a cookie, on the consumers computer or web browser and a disclosure of the purposes for which the data files are used.
|
Internet Privacy
|
|
Virginia
|
S 264
|
Department of Education and School Boards
|
Failed
|
Relates to Department of Education; relates to school boards; relates to student online activity; relates to data collection, monitoring, and restrictions; requires the Department of Education to establish, and each school board to adhere to, requirements relating to the collection of data on student online activity and the monitoring of student online activity by school boards and school board employees, including requirements to disclose to the parents of enrolled students what student online activity.
|
Other Consumer Privacy
|
|
Virginia
|
S 359
|
Consumer Data Protection Act
|
Failed
|
Relates to Consumer Data Protection Act; relates to social media platforms; relates to addictive feed; prohibits a person that operates a social media platform that has knowledge that a user of the social media platform is a child under the age of 18 from using an addictive feed, defined in the bill, unless such social media platform obtains verifiable parental consent.
|
Online Children’s Privacy
|
|
Virginia
|
S 361
|
Consumer Data Protection Act
|
Enacted
|
Relates to Consumer Data Protection Act; relates to protections for children; prohibits operators, defined in the bill, of websites, online services, or online or mobile applications from collecting or using the personal data of users they know are younger than the age of 18 without consent and prohibits the sale or disclosure of the personal data of such users.
|
Online Children’s Privacy
|
|
Virginia
|
S 432
|
Consumer Data Protection Act
|
Failed
|
Relates to Consumer Data Protection Act; relates to protections for children; requires a controller or processor to obtain verifiable parental consent, defined in the bill, prior to registering any child with the operator's product or service or before collecting, using, or disclosing such child's personal data and prohibits a controller from knowingly processing the personal data of a child for purposes of targeted advertising, the sale of such personal data.
|
Online Children’s Privacy
|
|
Virginia
|
S 684
|
Online Children’s Safety Protection Act
|
Failed
|
Creates the Online Children's Safety Protection Act, which requires certain duties of covered entities, defined in the bill, to protect the best interests of children who use online services, products, or features; requires any covered entity that provides an online service, product, or feature likely to be accessed by a child to complete a data protection impact assessment, the details of which are described.
|
Online Children’s Privacy
|
|
Washington
|
H 1616
|
Charter of Peoples Personal Data Rights
|
Failed - Adjourned
|
Creates a charter of people's personal data rights.
|
Comprehensive
|
|
Washington
|
H 2149
|
Consumer Personal Information
|
Failed - Adjourned
|
Protects consumer personal information.
|
Comprehensive
|
|
Washington
|
H 2277
|
Business Entities Engaged in the Act of Brokering Data
|
Failed - Adjourned
|
Relates to licenses of business entities engaged in the act of brokering data.
|
Information Brokers
|
|
Washington
|
S 5643
|
Charter of Peoples Personal Data Rights
|
Failed - Adjourned
|
Creates a charter of people's personal data rights.
|
Comprehensive
|
|
Washington
|
S 6179
|
Use of Biometric Age Verification by Liquor Licensees
|
Failed - Adjourned
|
Relates to the use of biometric age verification by liquor licensees; provides that a card of identification may, for the purpose of procuring liquor, be accepted by any licensee as evidence of legal age of the person presenting such card; provides that a biometric age verification system may be relied upon by any licensee as evidence of legal age of the person using the biometric age verification system.
|
Biometrics or Facial Recognition
|
|
West Virginia
|
H 4168
|
Online Privacy Protection for Minors
|
Failed - Adjourned
|
Relates to online privacy protection for minors.
|
Online Children’s Privacy
|
|
West Virginia
|
H 4381
|
Consumer Privacy Act
|
Failed - Adjourned
|
Enacts the West Virginia Consumer Privacy Act; provides prohibitions on disclosures or sales of certain consumer financial information; authorizes a customer to opt-in to certain disclosure; creates exceptions for certain financial institutions for sharing consumer information with a credit reporting agency; requires certain information to be provided to consumers; provides for civil remedies; provides for enforcement actions of the attorney general.
|
Other Consumer Privacy
|
|
West Virginia
|
H 4390
|
Use of Electronic Tracking Devices
|
Failed - Adjourned
|
Prohibits the use of electronic tracking devices.
|
Location Privacy
|
|
West Virginia
|
H 4423
|
Protection of Minors from Harmful Material on Internet
|
Failed - Adjourned
|
Relates to material harmful to minors on the internet.
|
Online Children’s Privacy
|
|
West Virginia
|
H 4546
|
Data Disposal Protection
|
Failed - Adjourned
|
Relates to data disposal protection.
|
Other Consumer Privacy
|
|
West Virginia
|
H 4718
|
Online Privacy Protection Laws for Children
|
Failed - Adjourned
|
Provides online privacy protection laws for children under certain age.
|
Online Children’s Privacy
|
|
West Virginia
|
H 4867
|
Age Verification Methods in Pornography Websites
|
Failed - Adjourned
|
Creates liability for publishers and distributors of sexual material harmful to minors; provides definitions; relates to what constitutes reasonable age verification; provides exceptions to applicability of this article; requires a commercial entity that provides pornography and other materials defined as being harmful to minors as a substantial portion of the entity's content to verify the age of individuals accessing the material, relating to liability, and establishing a cause of action.
|
Online Children’s Privacy
|
|
West Virginia
|
H 5110
|
Genetic Information Privacy Act
|
Failed - Adjourned
|
Relates to the Genetic Information Privacy Act.
|
Genetic Privacy
|
|
West Virginia
|
H 5112
|
Consumer Data Protection Act
|
Failed - Adjourned
|
Relates to the Consumer Data Protection Act.
|
Comprehensive
|
|
West Virginia
|
H 5226
|
Child Social Media Protection Bill
|
Failed - Adjourned
|
Relates to the Child Social Media Protection Bill.
|
Online Children’s Privacy
|
|
West Virginia
|
H 5271
|
Privacy of Social Care Information
|
Failed - Adjourned
|
Relates to privacy of social care information.
|
Other Consumer Privacy
|
|
West Virginia
|
H 5272
|
Child Online Pornography Protection
|
Failed - Adjourned
|
Relates to the Child Online Pornography Protection.
|
Online Children’s Privacy
|
|
West Virginia
|
H 5338
|
Consumer Data Protection Act
|
Vetoed
|
Provides for an affirmative legal defense to certain types of businesses against certain types of lawsuits claiming that the business failed to implement reasonable cybersecurity protections and that, as a result, a data breach of personal information or restricted information occurred, if the business creates, maintains, and complies with a written cybersecurity program that contains administrative, technical, operational, and physical safeguards for the protection of personal information.
|
Other Consumer Protection; Comprehensive
|
|
West Virginia
|
H 5342
|
Applicability of Civil Causes of Action
|
Failed - Adjourned
|
Relates to the applicability of civil causes of action in cases involving surveillance.
|
Other Consumer Protection
|
|
West Virginia
|
H 5572
|
Cameras and Recording Devices in Bedrooms and Bathrooms
|
Failed - Adjourned
|
Provides that, regardless of the age of the child or the concerns of the foster parent, there shall be no cameras permitted, for the purpose of unattended surveillance or recording, in the bedrooms or bathrooms of foster children in said foster parents care with certain exemptions, including baby monitors where age appropriate for the child and any equipment used to monitor the health of a child receiving medical care, where necessary to ensure the health and safety of the child.
|
Other Consumer Protection
|
|
West Virginia
|
H 5698
|
Consumer Data Protection Act
|
Failed - Adjourned
|
Relates to the Consumer Data Protection Act.
|
Comprehensive
|
|
Wisconsin
|
A 730
|
Distribution of Certain Materials to Minors
|
Failed
|
Concerns the distribution of certain materials to minors.
|
Online Children’s Privacy
|
|
Wisconsin
|
A 824
|
Sharing of Sensitive Information Standards
|
Failed
|
Establishes standards for the sharing of sensitive information between separate legal entities.
|
Other Consumer Privacy
|
|
Wisconsin
|
S 385
|
Use of Social Media Platforms by Minors
|
Failed
|
Relates to the use of social media platforms by minors; grants rule making authority; provides for a penalty.
|
Online Children’s Privacy
|
|
Wisconsin
|
S 642
|
Consumer Data Protection
|
Failed
|
Concerns consumer data protection; provides a penalty.
|
Biometrics or Facial Recognition; Other Consumer Privacy
|
|
Wisconsin
|
S 683
|
Distribution of Certain Materials to Minors
|
Failed
|
Concerns the distribution of certain materials to minors.
|
Online Children’s Privacy
|
|
Wisconsin
|
S 1080
|
Information Stored on Motor Vehicle Data Recorders
|
Failed
|
Concerns use of information stored on motor vehicle data recorders; provides a penalty.
|
Connected Devices
|
|
Wyoming
|
H 78
|
Pornography and Obscenity Crimes and Penalties
|
Failed
|
Relates to crimes and offenses; specifies penalties for promoting obscenity on an internet website; requires a person who publishes material harmful to minors to an internet website to require age verification to access the website; prohibits a person from retaining identifying information related to age verification; requires the attorney general to provide for reporting of violations; provides penalties.
|
Online Children’s Privacy
|
|
Wyoming
|
HJR 7
|
Individual Right to Privacy Constitutional Amendment
|
Failed
|
Proposes to amend the State Constitution to provide for a right of individual privacy.
|
Constitutional Amendment
|