Ropes & Gray has developed an interactive state privacy law tracker to help clients stay up to date with developing comprehensive state privacy laws.
“The rapidly evolving regulatory enforcement activity is evidence of an increased focus on sensitive personal data and health data privacy, imposing new obligations on AdTech, and reshaping the regulatory landscape across industries,” said data, privacy, and cybersecurity partner Fran Faircloth. “Affected businesses will need to adapt and be mindful of compliance requirements.”
To date, comprehensive privacy laws looking to regulate health privacy, youth privacy, online platforms, and data brokers, are in effect in California, Colorado, Connecticut, Utah, and Virginia. The laws of Texas, Florida, Oregon, and Montana will be introduced later this year, followed by Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, and Maryland in 2025, and Indiana and Kentucky in 2026.
The proposed American Privacy Rights Act of 2024, aims to establish the first ever federal standard for comprehensive data privacy and security regulation and, as such, create a national privacy law that outlines new obligations for businesses that process common forms of consumer personal information. It also creates and has meaningful enforcement mechanisms through both a private right of action and FTC enforcement.
Unless Congress passes APRA with preemption intact, the evolving state regulatory landscape will continue to mandate how most businesses must handle personal information.
Stay Up To Date with Ropes & Gray
Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Stay in the loop with all things Ropes & Gray, and find out more about our people, culture, initiatives and everything that’s happening.
We regularly notify our clients and contacts of significant legal developments, news, webinars and teleconferences that affect their industries.