U.S. Legislation

On June 22nd, lawmakers in Salem passed SB 619, the Oregon Consumer Privacy Act (“OCPA”). If enacted by Governor Kotek, Oregon will become the eleventh U.S. state (and sixth in 2023) to adopt broad-based data privacy legislation governing the collection, use, and transfer of consumer data. The bulk of OCPA’s requirements will take effect on […]

Note: This title is inspired by Professor Daniel J. Solove’s recent essay, ‘Data Is What Data Does: Regulating Based on Harm and Risk Instead of Sensitive Data.’ On June 16, 2023, Nevada Senate Bill 370 (SB 370) was signed into law by Governor Lombardo, making Nevada the second state, after Washington, to pass broad-based consumer […]

On June 3rd, Connecticut Senate Bill 3 (SB 3), an “Act Concerning Online Privacy, Data and Safety Protections,” cleared the state legislature following unanimous votes in the House and Senate. If enacted by Governor Lamont, SB 3 will amend the Connecticut Data Privacy Act (CTDPA) to create new rights and protections for consumer health data […]

Over Memorial Day weekend Texas lawmakers passed the Texas Data Privacy and Security Act (TDPSA) with unanimous votes in both the State House and Senate. If enacted by Governor Abbott, Texas will become the tenth U.S. state (and fifth in 2023) to enact broad-based data privacy legislation governing the collection, use, and transfer of consumer […]

On May 4, 2023, the Florida ‘Digital Bill of Rights’ (SB 262) cleared the state legislature and now heads to the desk of the Governor for signature. SB 262 bears many similarities to the Washington Privacy Act and its progeny (specifically the Texas Data Privacy and Security Act). However, SB 262 is unique given its […]

The Washington ‘My Health, My Data’ Act (MHMD or the Act) establishes a fundamentally new legal framework within U.S. law to regulate the collection, use, and transfer of consumer health data. Signed into law by Governor Inslee on April 27, MHMD was introduced by request of the Washington Attorney General in response to the Supreme […]

On Friday April 21, Nashville lawmakers approved the Tennessee Information Protection Act (TIPA) following unanimous votes. Tennessee now joins Iowa, Indiana, and Montana as the four states in 2023 that have advanced baseline privacy legislation governing the collection, use, and transfer of consumer data. TIPA is closely modeled on the Virginia Consumer Data Protection Act […]

On Monday March 27, the Future of Privacy Forum (FPF) filed comments with the California Privacy Protection Agency to inform the Agency’s forthcoming rulemaking to implement the California Privacy Rights Act amendments to the California Consumer Privacy Act’s provisions on cybersecurity audits, risk assessments, and automated decisionmaking. FPF’s comments are directed towards ensuring that individuals […]

By Keir Lamont & Mercedes Subhani Update: On March 28, Governor Kim Reynolds signed SF 262 into law, making Iowa the 6th state to enact a baseline consumer privacy framework.  Lawmakers in Iowa are considering the adoption of a new consumer privacy framework that would fall far short of comparable state privacy laws in terms of […]

Update: On March 23, Governor Spencer Cox signed SB 152 and HB 311. While amendments were made to both bills, the concerns raised in FPF’s analysis remain. SB 152 leaves critical provisions, such as methods to verify age or obtain parental consent, to be established in further rulemaking, but questions remain regarding whether these can […]