|Alaska||H 159||Consumer Data Privacy Act||x||x||x||x||x||x||x||x|
|Hawaii||H 2051||Hawaii Consumer Privacy Act||x||x||x||x||x||x||x||x||x|
|Hawaii||S2797/S2428||Consumer Data Protection Act||x||x||x||x||x||x||x||x||x||x|
|Hawaii||H 2341||Personal Consumer Data Regulation||x||x||x||x||x||x||x||x||x||x|
|Georgia||S 394||Georgia Computer Data Privacy Act||x||x||x||x||x||x||x||x||x|
|Illinois||H3910||Consumer Privacy Act||x||x||x||x||x||x||x||x|
|Illinois||H2404||Right to Know Act||x||x|
|Illinois||SB 3081||Do Not Track Act||x||x|
|Iowa||House File 2506||x||x||x||x||x||x||x||x|
|Indiana||H 1261||Consumer Privacy||x||x||x||x||x||x||x|
|Indiana||S 358||Consumer Data Protection||x||x||x||x||x||x||x||x||x|
|Kentucky||S15||Consumer Data Privacy||x||x||x||x||x||x||x||x||x||x|
|Massachusetts||SD 1726||Massachusetts Information Privacy Act||x||x||x||x||x||x||x||x||x||x||x||x|
|Michigan||H 5989||Consumer Privacy Act||x||x||x||x||x||x||x||x||x||x||x|
|Michigan||SB1182||Michigan Personal Data Privacy Act||x||x||x||x||x||x||x||x||x||x||x|
|Minnesota||MN H36||Consumer Data Privacy||x||x||x||x||x||x||x||x||x|
|Minnesota||MN H1492/S 1408||Consumer Data Privacy||x||x||x||x||x||x||x||x||x||x|
|New York||A405||Online Consumer Protection Act||x||x||x||x|
|New York||A400/S1349||The Right To Know Act of 2021||x||x||x|
|New York||S567/A3709||Consumer Rights||x||x||x||x||x||x||x||x|
|New Jersey||SB1257/A5448||Online Personally Identifiable Information Disclosure||x||x||x||x||x||x|
|New Jersey||S 332||Online Personally Identifiable Information Disclosure||x||x||x||x||x|
|New Jersey||A3283||New Jersey Disclosure and Accountability Transparency Act||x||x||x||x||x||x||x||x||x|
|New Jersey||A 1971||Commercial Internet Websites Consumer Information||x||x|
|North Carolina||S 569||Consumer Privacy Act of North Carolina||x||x||x||x||x||x||x||x||x||x||x|
|Pennsylvania||H 1126||Consumer Data Privacy Act||x||x||x||x||x||x||x|
|Pennsylvania||H 2257||Protection of Certain Personal Data of Consumers||x||x||x||x||x||x||x||x||x||x|
|Rhode Island||H5959||Rhode Island Transparency and Privacy Protection act||x|
|Vermont||H 160||Consumer Data Privacy|
|Ohio||HB 376||Ohio Personal Privacy Act||x||x||x||x||x||x||x||x|
|Oklahoma||H 1602||Oklahoma Computer Data Privacy Act||x||x||x||x||x||x||x||x||x|
We update this post periodically when new bills are proposed, when bills die and when bills are passed into law.
Click here for a link to our google spreadsheet of US State Privacy Bill Tracker.
We classified the bills into a chart to make it all easier to understand. Here is an explanation of the factors against which each bill is weighed:
- Business size limit: this bill applies to businesses of a certain size. For example, some of the bills apply to businesses that make millions of dollars in revenue or collect the personal information of a certain number of that state’s citizens;
- Right to access data: consumers have the right to see the specific pieces of data that the company has collected about them;
- Right to delete data: consumers have the right to request that the business delete their personal data;
- Right to correct data: consumers have the right to request that the business correct their incorrect data or complete their incomplete data;
- Right to restrict processing: consumers have the right to limit how businesses use their data.
- Right to opt out: consumers have the right to say no to the sharing or selling of their data.
- Opt-in consent required: consumers have to affirmatively allow the business to collect, use, sell or share their data.
- Right to portability: consumers have the right to receive their personal data that the business has collected on them in an electronic, commonly-used, machine structured format.
- Against automated decision making: the bill restricts a businesses’ ability to make certain decisions by solely automated means, without any human involvement.
- Imposes fiduciary duty: the bill obligates a business to act solely in the best interest of the consumer and not the business when it comes to that consumer’s data.
- Prohibits discrimination: the bill prohibits businesses from discriminating against consumers that exercise their rights by charging higher prices or by providing inferior quality service or products.
As the proposed bills are always changing, make sure to check this post often to keep up to date! Or don’t, we’ll update your policies automatically for you when the bills become law.
Here are links to each respective proposed privacy bill:
- Alaska – AK H 159;
- Hawaii – HI H2051;
- Hawaii – HI S2797/S2428;
- Hawaii HI H 2341;
- Georgia – GA S 394;
- Illinois – IL H 3910;
- Illinois – IL H 2404;
- Illinois – IL SB 3081;
- Iowa House File 2506;
- Indiana – IN H 1261;
- Indiana – IN S 358;
- Kentucky – KY S 15;
- Massachusetts – MA SD 1726;
- Michigan – MI H 5989;
- Minnesota – MN H36;
- Minnesota – MN H1492;
- New York – NY A 405;
- New York – NY A 400;
- New York – NY S 567;
- New Jersey – NJ A 2188;
- New Jersey – NJ A 3255;
- New Jersey – NJ A 1181;
- New Jersey – NJ SB 1257;
- New Jersey – NJ A 3283;
- New Jersey – NJ S 332;
- New Jersey – NJ A 1971;
- North Carolina – NC S 569;
- Pennsylvania PA H 1126;
- Pennsylvania PA H 2257;
- Rhode Island – RI H 5959;
- Utah – UT S 227;
- Ohio – OH HB 376;
- Oklahoma – OK H 1602;
- Oklahoma – OK H 1130;
- Vermont – VT H 160
Donata is the Co-founder and President of Termageddon, an auto-updating generator of website and application policies. She is a licensed attorney and Certified Information Privacy Professional. She also serves as the Vice-Chair of the American Bar Association’s ePrivacy Committee and the Chair of the Chicago Chapter of the International Association of Privacy Professionals. In her free time, Donata enjoys beekeeping, hunting for morel mushrooms, and walks with her husband and two dogs.