Keypoint: Last week, the Nebraska Governor signed the Nebraska Data Privacy Act into law, the Maine legislature closed without passing a consumer data privacy bill, Colorado’s biological/neural data bill was signed into law, and there were developments with bills in California, Virginia, Minnesota, Vermont, Wisconsin and Iowa.
Below is the thirteenth weekly update on the status of proposed state privacy legislation in 2024.
Table of Contents
- What’s New
- Bill Tracker Charts
- Bill Tracker Maps
1. What’s New?
In Nebraska, Governor Jim Pillen signed the Nebraska Data Privacy Act (LB 1074) into law. Nebraska becomes the sixteenth state to pass a consumer data privacy law and edges out Maryland for that spot even though the Maryland bill was passed before the Nebraska bill. You can find our analysis of the Nebraska law here.
In Maine, there was a whirlwind of activity that ultimately ended in the state not passing a consumer data privacy bill prior to its legislature closing. As we previously reported, Maine lawmakers had been engaging in extensive negotiations over the past few months to try to reconcile differences between two competing data privacy bills – LD 1973 and LD 1977. Yet, even after those extended negotiations, strong divisions remained as to the proper contours of a data privacy bill.
Consistent with the working group’s recommendation, the House and Senate both voted down LD 1973. That bill more closely aligned with the Connecticut Data Privacy Act.
On April 16, the House narrowly passed the other bill, LD 1977. However, on April 17, the Senate voted down LD 1977 by an 18-15 vote. In a remarkable floor debate, Maine lawmakers expressed concerns that LD 1977 would hurt Maine businesses and make Maine an outlier among states that have passed data privacy laws. In particular, lawmakers argued that the bill’s treatment of targeted advertising would prohibit first-party advertising but allow third-party advertising.
In Minnesota, Representative Elkins reported that his consumer data privacy bill was added to the House Commerce Finance omnibus bill last week. Meanwhile, Representative Bahner’s Age-Appropriate Design Code Act bill (HF 2257) advanced out of a committee last week.
In Vermont, another Senate committee meeting was held on H.121. That bill previously passed the House but has faced significant headwinds in the Senate.
There also were a number of developments with California bills:
- AB 2877 was amended and re-referred to a House committee. The bill now prohibits a developer from using a minor’s sensitive personal information to train an artificial intelligence system or service. The bill previously would have amended the CCPA to require California Privacy Protection Agency board members to have qualifications, experience, and skills in consumer rights.
- The Senate Judiciary Committee unanimously passed SB 1233 on April 16, and the bill was re-referred to the Senate Appropriations Committee. The bill seeks to add neural data to the CCPA’s definition of sensitive personal information.
- The House Committee on Privacy and Consumer Protection unanimously passed AB 3080, and the bill was re-referred to the House Judiciary Committee. The bill no longer seeks to amend the CCPA. As currently drafted, it would require a person or business that conducts business in California and seeks to make available products that are illegal for minors to take reasonable steps to ensure that the purchaser is of legal age at the time of purchase or delivery.
- AB 3204 (Data Digesters Registration Act) was amended and re-referred to House Committee on Privacy and Consumer Protection.
Finally, two legislatures adjourned without passing bills. The Wisconsin legislature adjourned on April 11. It had been considering companion data privacy bills. The Iowa legislature adjourned on April 16. It had been considering a bill to amend Iowa’s consumer data privacy law.
In biometric privacy bill news, the Colorado Senate passed a heavily amended HB 1130. The bill is now with the House for floor work. The bill seeks to add additional biometric privacy provisions to the Colorado Privacy Act. In Massachusetts, S.195 was reported out of one committee and referred to another.
In health data privacy bill news, Colorado Governor Jared Polis signed SB 1058 into law. The bill amends the Colorado Privacy Act to add biological data (and through it neural data) to the law’s definition of sensitive data. However, the impact of the amendment is debatable as the definition of biological data states that the data must be “used or intended to be used, singly or in combination with other personal data, for identification purposes.”
In children’s privacy bill news, the Colorado Senate Committee on Business, Labor & Technology passed SB 41 on April 16. The bill was referred to the Senate floor and is scheduled for floor work on Monday, April 22. The bill seeks to amend the Colorado Privacy Act to add additional provisions regarding children’s data.
In Vermont, S.289 – an Age-Appropriate Design Code Act variant – was the subject of another committee meeting on April 19.
Finally, we reported last week that the Virginia Governor had asked the House and Senate to consider a new version of HB 707 / SB 361, which bills seek to add additional children’s provisions to the Virginia Consumer Data Protection Act. The House and Senate reconvened this week and both rejected the Governor’s recommendation.
2. Bill Tracker Charts
For more information on all of the bills introduced to date, including links to the bills, bill status, last action, hearing dates, and bill sponsor information, please see the following charts:
- Consumer Data Privacy Bills
- Biometric Privacy Bills
- Children’s Privacy Bills
- Consumer Health Data Privacy Bills
- Data Broker Bills
Husch privacy clients can access unredacted copies of the charts through Byte Back+.
3. Bill Tracker Maps
To access our tracker maps, click the following links: