Every state privacy law update is evolving quickly, driven by the relentless pace of technological innovation and a growing public awareness about the value of personal information. Every swipe, click, and share tells a story, and there’s a growing demand to ensure this narrative remains in the hands of its rightful owner.

Against this backdrop, the United States is witnessing a flurry of activity as states propose, debate, and enact legislation to protect consumers’ and children’s data privacy. Certain states have emerged as frontrunners, proposing groundbreaking bills that could redefine how personal data is handled. 

In this article, we focus on the latest updates on proposed state privacy laws that aim to redraw the lines of digital rights and consumer protection.

Kentucky Inches Closer to Consumer Data Privacy Bill

Kentucky is on the brink of adopting significant consumer data privacy legislation, with its HB 15 bill making substantial progress through the state legislature. After passing the House on February 20, the bill moved through the Senate on March 11, receiving two minor amendments to fine-tune the legislation. Although it is modeled closely on Virginia’s Consumer Data Protection Act, Kentucky’s version introduces changes to tailor the law to meet the state’s unique needs.

The bill’s essence remains focused on empowering consumers with greater control over their personal data. The Senate’s amendments further refine the bill, clarifying that the Act does not apply to personal data processing in purely personal or household contexts. Additionally, they propose naming it the Kentucky Consumer Data Protection Act.

Maryland Sets New Precedent in Consumer Privacy Protection

Maryland is making strides in consumer data privacy with the advancement of companion bills SB 541 and HB 567. The Senate bill, SB 541, received unanimous approval on March 14 and is now under review by the House Economic Matters Committee. Concurrently, HB 567 is progressing through the House and is currently positioned for its third reading.

Both bills are designed to regulate how controllers process personal data, ensuring that consumers’ privacy is front and center. They also mandate that controllers of personal data establish transparent methods for consumers to exercise their data privacy rights.

Minnesota Moves Closer to Strengthening Consumer Privacy

Minnesota is making noteworthy progress in enhancing consumer privacy protections with the advancement of HF 2309. After successfully passing the House State and Local Government Finance and Policy Committee, this bill has now been referred to the House Ways and Means Committee.

HF 2309 aims to introduce comprehensive protections for consumers, including the right to be informed about the personal information companies collect. Beyond transparency, the bill empowers consumers to access, correct, and delete their personal data, ensuring greater control over their digital footprint.

Vermont Propels Privacy Rights Forward with H.121

Vermont has made a notable advancement with Representative Priestley’s H.121 to enhance privacy protections. This bill recently secured passage from the House Committee on Commerce and Economic Development on March 15.

H.121 distinguishes itself with its unique provisions and the incorporation of a private right of action. This key feature empowers individuals, granting them the legal authority to initiate actions against entities that violate their privacy rights.

Georgia’s Balanced Approach to Privacy

Georgia has emerged as a state to watch in data privacy legislation, with SB 473 gaining traction in the legislative process. Passed by the Senate on February 27 and discussed in the House Technology & Infrastructure Innovation Committee on March 14, this bill seeks a balanced approach to consumer privacy.

Amidst the legislative session drawing to a close on March 28, efforts are underway to refine SB 473, incorporating feedback from stakeholders to ensure it meets the unique needs of Georgians.

Maine’s Dueling Privacy Proposals

In Maine, the legislative focus on consumer privacy is illustrated by the ongoing discussions around LD 1973 and LD 1977. LD 1973, aiming to establish the Maine Consumer Privacy Act, seeks to empower consumers with greater control over their personal data, including an opt-in mechanism for collecting personal and geolocation data. This bill, introduced on May 18, 2023, has seen a 25% progression and was tabled during a work session held on March 14, 2024.

Conversely, LD 1977 proposes the creation of the Data Privacy and Protection Act. The bill was also reviewed in a work session on March 14, 2024, indicating ongoing deliberations.

Children’s Privacy Takes Center Stage

Recent legislative efforts across the United States have spotlighted children’s privacy, with states introducing and advancing bills tailored to safeguard the digital footprint of the younger generation. In Maryland, the Age-Appropriate Design Code Act has seen promising progress with the companion bills, HB 603 and SB 571, passing unanimously through their respective chambers on March 14. These bills mandate rigorous data protection impact assessments for online products that children will likely access and impose strict privacy protections.

Vermont’s S.289, another Age-Appropriate Design Code Act bill, has successfully passed through two committees as of March 20, 2024. Similarly, New York’s S 70695, aimed at establishing the New York Child Data Protection Act, underwent amendments and further review by the Internet and Technology Committee on March 12.

Utah has taken a novel approach by enacting HB 464 and SB 194. These bills repeal and replace the previous Utah Social Media Regulation Act. They also introduce a private right of action for harm to minors from excessive use of algorithmically curated social media services.

Biometric and Health Data Privacy

The conversation around privacy is expanding to include biometric and health data. Maine’s LD 1705, focusing on biometric privacy, was deliberated during a work session on March 14. The legislative committee ultimately decided against moving forward with the bill, citing the ongoing efforts with LD 1973 and LD 1977 as sufficient in addressing the state’s privacy concerns.

Colorado is actively expanding the scope of its privacy laws to include biometric data, with HB 1130 moving forward to a Senate Judiciary Committee hearing on March 27. This bill aims to enhance the Colorado Privacy Act by setting specific regulations for handling biometric information.

In parallel, Colorado is also addressing the critical area of health data privacy through HB 1058, which proposes including biological and neural data in the definition of sensitive data under the Colorado Privacy Act. This initiative, reflecting a broader understanding of personal data, advanced to a Senate Business, Labor, and Technology Committee hearing on March 21. Illinois is also contributing to the dialogue on health data privacy, with HB 4093 slated for a committee hearing on March 21. 

Partner With TeraDact to Ensure Compliance with State Privacy Laws

Though fragmented, the proposed state privacy law update reflects a responsive legislative environment where privacy concerns are a priority. This legislative landscape underscores the urgent need for businesses to comply. TeraDact is a perfect solution for enterprises aiming to stay compliant with evolving state data privacy laws.

Our advanced data protection and security suite allows your organization to establish a trusted relationship with data, ensuring resilience from the ground up and across multiple platforms. The platform’s seamless integration with various data sources provides comprehensive oversight through a singular dashboard, simplifying data protection management. Try a demo for free and experience firsthand how we can transform your organization’s data protection strategy.