US State Privacy Legislation Tracker
*scroll horizontally to view more cells
State | Introduced | Signed | Bill & Link | Name | Effective Date |
---|---|---|---|---|---|
California | CCPA | California Consumer Privacy Act | January 1, 2020 | ||
Colorado | SB 190 | Colorado Privacy Act | July 1, 2023 | ||
Connecticut | SB 6 | Connecticut Data Privacy Act | July 1, 2023 | ||
Delaware | HB 154 | Delaware Personal Data Privacy Act | January 1, 2025 | ||
Florida | SB 262 | Florida Digital Bill of Rights | July 1, 2024 | ||
Indiana | SB 5 | Indiana Consumer Data Protection Act | January 1, 2026 | ||
Iowa | SF 262 | Iowa Consumer Data Protection Act | January 1, 2025 | ||
Kentucky | HB 15 | Kentucky Consumer Data Protection Act | January 1, 2026 | ||
Maryland | SB 541 | Maryland Online Data Privacy Act | October 1, 2025 | ||
Minnesota | SF 2915 | Minnesota Consumer Data Privacy Act | July 31, 2025 | ||
Montana | SB 384 | Montana Consumer Data Privacy Act | October 1, 2024 | ||
Nebraska | LB 1074 | Nebraska Data Privacy Act | January 1, 2025 | ||
New Hampshire | SB 255 | January 1, 2025 | |||
New Jersey | SB 332 | New Jersey Data Privacy Act | January 15, 2025 | ||
Oregon | SB 619 | Oregon Consumer Privacy Act | July 1, 2024 | ||
Rhode Island | H 7787 | Rhode Island Data Transparency and Privacy Protection Act | January 1, 2026 | ||
Tennessee | HB 1181 | Tennessee Information Protection Act | July 1, 2025 | ||
Texas | HB 4 | Texas Data Privacy and Security Act | July 1, 2024 | ||
Utah | SB 227 | Utah Consumer Privacy Act | December 31, 2023 | ||
Virginia | SB 1392 | Virginia Consumer Data Protection Act | January 1, 2023 | ||
Georgia | SB 473 | Georgia Consumer Privacy Protection Act | |||
Hawaii | SB 3018 | Consumer Data Protection Act | |||
Illinois | SB 3517 / HB 5581 | Privacy Rights Act / Illinois Privacy Rights Act | |||
Louisiana | HB 947 | Louisiana Consumer Privacy Act | |||
Maine | LD 1973 / LD 1977 | Maine Consumer Privacy Act / Data Privacy and Protection Act | |||
Massachusetts | H 83 / S 25 / H 60 / S 227 / HD 3245 / S2270 | Massachusetts Data Privacy Protection Act, Massachusetts Information Privacy and Security Act, Internet Bill of Rights, Massachusetts Data Privacy Act | |||
Michigan | SB 659 | Michigan Personal Data Privacy Act | |||
Missouri | SB 731 / SB 1501 | ||||
New York | A 6319 / SB 3162 / A 4374 / A 3593 / A 3308 / SB 2277 / SB 365 / A 2587 / S 5555 | New York Privacy Act, New York Data Protection Act, It’s Your Data Act, Digital Fairness Act, American Data Privacy and Protection Act | |||
North Carolina | SB 525 | North Carolina Consumer Privacy Act | |||
Ohio | HB 345 | Ohio Personal Privacy Act | |||
Pennsylvania | HB 1947 / HB 1201 | Pennsylvania Consumer Data Protection Act | |||
Vermont | S 269 / H 121 | Vermont Data Privacy Act | |||
West Virginia | HB 5698 / HB 5112 | Consumer Data Protection Act | |||
Wisconsin | AB 466 / SB 642 |
Frequently Asked Questions
The California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) both aim to protect personal data, but they differ in various ways:
- Scope: The CCPA applies to businesses operating in California and collecting personal information of California residents, while the GDPR applies to all organizations working within the EU, or dealing with data of EU citizens, irrespective of their country location.
- Rights: Both give individuals the right to access and delete their data, but the GDPR also includes rights like rectification (correcting inaccurate data) and objection (objecting to processing personal data), which the CCPA does not explicitly provide.
- Enforcement: The GDPR has more vigorous enforcement and steeper penalties, with maximum fines of up to €20 million or 4% of annual global turnover, whichever is higher. CCPA’s penalties can reach up to $7,500 per intentional violation.
- Consent: The GDPR requires citizens’ explicit and informed consent before collecting personal data, while the CCPA does not require upfront approval but does provide citizens the right to opt out of data sales, preventing organizations from selling a citizen’s personal data.