Keypoint: Last week, the Kentucky legislature passed a consumer data privacy bill, Colorado passed an amendment to the Colorado Privacy Act, and there was movement on bills in Maine, Maryland, Rhode Island, and Vermont.
Below is the tenth weekly update on the status of proposed state privacy legislation in 2024.
Table of Contents
- What’s New
- Bill Tracker Charts
- Bill Tracker Maps
1. What’s New?
The big news last week was the Kentucky legislature passing HB 15 on March 27. The bill now heads to the Kentucky Governor. Assuming the bill becomes law, Kentucky will become the fifteenth state to enact consumer data privacy legislation. You can find our analysis of the bill here.
Conversely, the Georgia legislature closed without passing SB 473. That bill passed the Senate in late February but was not able to make it out of the House before the Georgia legislature closed.
In Maine, another work session was held on LD 1973 / LD 1977. An amended bill was voted out of committee. This bill is one to watch as it contains unique data minimization provisions.
In Maryland, the House Economic Matters Committee held a hearing on SB 541 on March 28. That bill previously passed the Senate, and its companion bill previously passed the House. During the hearing, it was noted that there are ten pages of differences between the House and Senate companion bills that need to be resolved. Maryland’s legislature closes April 8.
In other committee news, a committee hearing was held on Rhode Island’s HB 7787 on March 28. The committee recommended that the measure be held for further study. In Vermont, the Senate Economic Development committee held a walkthrough of H.121 on March 29. That bill passed the Vermont House last week.
There also was one new bill introduced last week. In Delaware, a group of lawmakers introduced HB 359 on March 28. The bill would apply the provisions of the Delaware Personal Data Privacy Act to the Delaware state government.
In California, AB 1824 was amended and would now modify the CCPA’s right to opt out of sales/shares to provide that a business to which another business transfers the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the transferee assumes control of all of, or part of, the transferor shall comply with a consumer’s opt-out. The bill is set for an April 2 committee hearing.
Also, AB 3048 and AB 1949 are set for committee hearings on April 2. AB 3048 deals with the use of opt-out preference signals. AB 1949 deals with amending the CCPA’s children’s privacy provisions.
In health data privacy bill developments, Colorado’s HB 1058 passed the Colorado Senate on March 26. It previously passed the House in early February. The bill adds biological data (defined to include neural data) to the Colorado Privacy Act’s definition of sensitive data. The bill goes into effect ninety days after the Colorado General Assembly adjourns.
In Illinois, a hearing was scheduled on HB 4093 – the Illinois Health Data Privacy Act – on April 3.
In children’s privacy bill developments, the Maryland Kids Code (HB 603) passed through a second reading in the Senate. The bill already passed the Maryland House in early March. The bill is an Age-Appropriate Design Code Act variant. Meanwhile, a House committee hearing was held on the Senate companion bill (SB 571) on March 28.
In biometric privacy bill news, the Colorado Senate Judiciary Committee held a hearing on HB 1130 on March 27. No votes were taken.
2. Bill Tracker Charts
For more information on all of the bills introduced to date, including links to the bills, bill status, last action, hearing dates, and bill sponsor information, please see the following charts:
- Consumer Data Privacy Bills
- Biometric Privacy Bills
- Children’s Privacy Bills
- Consumer Health Data Privacy Bills
- Data Broker Bills
Husch privacy clients can access unredacted copies of the charts through Byte Back+.
3. Bill Tracker Maps
To access our tracker maps, click the following links: