As in Indiana and Kentucky, the start of 2026 brought into effect Rhode Island’s comprehensive consumer privacy law, the Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA). This statute is not simply a replica of what has come before it.
While much of its terminology and mechanics will feel familiar to organizations already operating under multiple state privacy regimes, it also includes elements such as general applicability thresholds at the lower end of the typical range and broad privacy notice requirements. The similarities and distinctions make RIDTPPA easy to place within the broader U.S. privacy landscape, while also presenting a few compliance gray areas that merit closer attention.