State Rep. Evan Shanley (D) predicted Friday the Rhode Island House will vote on his comprehensive privacy bill this week. A House committee advanced an amended version of H-7787 on Thursday (see 2406060071). Shanley expects the Senate version (SB-2500) by Sen. Louis DiPalma (D) “will advance as well,” he told us. Meanwhile, the Vermont legislature delivered a privacy bill (H-121) to Gov. Phil Scott (R) Friday. He has five days to veto the bill, or it will become law. The tech industry seeks a veto due to differences with other state laws, including that Vermont’s bill has a broad private right of action (see 2405300038).
Rhode Island state legislators revised a comprehensive privacy bill at a hearing Thursday. The House Innovation Internet and Technology Committee voted 9-0 to recommend passage of a substitute to H-7787. The “biggest change” in the update accepted by the committee “is that we’re creating two classifications” of regulated entities, sponsor Rep. Evan Shanley (D) said during the livestreamed hearing. Any entity subject to Rhode Island jurisdiction that collects, stores and sells personally identifiable information would have to disclose on its website the categories of information collected and the entities to whom they have sold or may sell the data. Meanwhile, for larger companies that control or process data of at least 35,000 customers or do so for at least 10,000 while deriving more than 20% of profits from the sale of personally identifiable information, customers would have a right to know what data has been collected about them and opt out of such collection. Other changes are meant to harmonize the bill with other states’ privacy laws, Shanley said.
A special unit in the Texas attorney general’s office will enforce privacy laws, AG Ken Paxton (R) said Tuesday. Housed within the Consumer Protection Division, the team will enforce the state’s comprehensive privacy law that takes effect July 1, plus other state and federal data protection laws, the AG office said. “Any entity abusing or exploiting Texans’ sensitive data will be met with the full force of the law,” Paxton said. “Companies that collect and sell data in an unauthorized manner, harm consumers financially, or use artificial intelligence irresponsibly present risks to our citizens that we take very seriously.”
Minnesota became the 19th state with a privacy law Friday when Gov. Tim Walz (D) signed an omnibus (HF-4757) that includes language from the state’s comprehensive data privacy bill. Legislators moved privacy language to that bill from a different omnibus (SF-4942) before it passed the legislature. Privacy lawyers say it mostly follows the Virginia and Connecticut model, while adding a right to question profiling decisions and other new requirements (see 2405200059). Vermont could become the 20th state with a comprehensive privacy law if Gov. Phil Scott (R) signs H-121 (see 2405130050).
New York state’s comprehensive privacy bill advanced Tuesday. At a livestreamed Senate Internet and Technology Committee meeting, a majority of the seven-member panel supported sending S-365 by Consumer Protection Committee Chair Kevin Thomas (D) to the Finance Committee. One member voted no and another voted “aye without recommendation.” The privacy bill passed the full Senate last year, but because the Assembly didn’t consider it in 2023, the bill returned to the Senate Jan. 3 (see 2402060028). The panel also advanced a bill (S-4377) requiring websites that collect Social Security numbers to post “clear and conspicuous notice on the homepage … about its privacy policy.” Nobody voted no on that bill, though one member supported it without recommendation. It will go to the floor.
Minnesota legislators supported net neutrality, data privacy, social media and broadband labor proposals before they adjourned Monday. Gov. Tim Walz (D) will next consider various omnibuses that include the proposed rules. The House voted 70-58 Friday to pass a commerce omnibus (SF-4097), which included net neutrality and social media disclosure proposals that cleared the Senate earlier last week (see 2405160033). On Saturday, the House voted 72-59 to pass a transportation and labor package (HF-5242) including industry-opposed broadband safety rules (see 2405070043). On Sunday, the House voted 70-11 to pass another commerce package (SF-4942), which included language from a comprehensive privacy bill (see 2405100047). Lawmakers passed the House’s broader version of the labor proposal, which includes a controversial provision allowing the state to prioritize broadband equity, access and deployment (BEAD) and other internet funding for contractors that pay prevailing wage and meet other standards. Senate Labor Committee Chair Jen McEwen (D), who sponsored the Senate's original bill, expects Walz to sign, her spokesperson said Monday. McEwen said she’s “very pleased” the legislature passed the proposal that “will improve worker safety and reduce interruptions to public utilities.” Minnesota Telecom Alliance CEO Brent Christensen, who opposed the labor proposal, told us a veto is unlikely since the governor’s staff was heavily involved in getting the bill passed. Christensen called the net neutrality measure "a really bad bill that didn’t need to happen." The state Commerce Department, which would investigate complaints, doesn't have the right skills to "determine what is a violation and what is normal traffic management," he said. "Any net neutrality action should come from the feds, not individual states." The privacy bill mostly looks like Washington state’s model, which was adopted in states like Virginia and Connecticut, “but with some significant and unique variations,” Husch Blackwell privacy attorney David Stauss blogged Sunday. Differences include “a novel right to question the result of a profiling decision, privacy policy provisions that increase interoperability with existing state laws, and new privacy program requirements such as a requirement for controllers to maintain a data inventory,” he said.
State senators narrowly approved Minnesota open internet rules Wednesday night. The Senate voted 34-32 in favor of a conference committee agreement on a Commerce omnibus (SF-4097), including language on net neutrality and transparency requirements for social media. It next needs a vote from the House, which convenes Friday. The legislature is set to adjourn Monday. Other than for reasonable network management, the bill would bar ISPs from engaging in “blocking lawful content, applications, services, or nonharmful devices,” paid prioritization or “unreasonably interfering with or unreasonably disadvantaging: (i) a customer's ability to select, access, and use broadband Internet service or lawful Internet content, applications, services, or devices of the customer's choice; or (ii) an edge provider's ability to provide lawful Internet content, applications, services, or devices to a customer.” Also, the state bill would ban “engaging in deceptive or misleading marketing practices that misrepresent the treatment of Internet traffic or content” and zero rating “in exchange for consideration, monetary or otherwise, from a third party” or zero rating some internet content in a category but not the entire category. It would be enforced by the state commerce department. The social media section would require platforms to disclose information about algorithms to users, including how they assess users’ perceptions of content quality. The net neutrality and social media rules would take effect July 1, 2025. Minnesota legislators are also weighing a proposed comprehensive privacy law and controversial broadband labor requirements (see 2405070043). Also Wednesday, the Senate voted 36-31 to pass an anti-junk fees bill (HB-3438) that CTIA had opposed for including the wireless industry. The House passed the bill, as negotiated by a conference committee, in a 76-57 vote earlier this week.
The Vermont legislature passed bills on privacy and kids’ online safety Friday. After back-and-forth on amendments, the House and Senate agreed to a comprehensive data privacy bill (H-121). While final text wasn’t available Monday, “reports indicate that it has a narrow private right of action focused on data brokers and larger data holders and limited to the bill’s sensitive data and consumer health data provisions,” Husch Blackwell attorney David Stauss blogged. That might be a first among states (see 2403220040). The legislature also agreed to an age-appropriate design code bill (S-289) like the California law. Pouncing immediately, tech industry group NetChoice urged Vermont Gov. Phil Scott (R) to veto S-289. The bill “would chill lawful speech online and negatively impact Vermont’s vibrant small business community,” wrote NetChoice General Counsel Carl Szabo: “Similar requirements … have already been challenged and are currently enjoined.” Design It For Us, a youth advocacy group that originally campaigned to pass California’s kids code law, applauds the legislature “for working to protect young people from online harms and passing much needed Kids Code legislation despite industry efforts to defeat it,” said co-Chair Zamaan Qureshi in a statement. Accountable Tech, another supporter of such laws, also lauded passage of S-289. “It’s clear that momentum is on the side of young people fighting for safer online spaces as Vermont becomes the third state to pass age-appropriate design code legislation with the Vermont Kids Code,” said Executive Director Nicole Gill.
The number of states with privacy laws reached 18 after Maryland Gov. Wes Moore (D) signed SB-541/HB-567 on Thursday. Vermont and Minnesota could soon join the ranks. While not first, Maryland “sets the new standard” for state privacy laws and “raises the bar” for Congress, said Caitriona Fitzgerald, Electronic Privacy Information Center (EPIC) deputy director, in an interview. Meanwhile, in California, the first state with a privacy law, board members of the California Privacy Protection Agency (CPPA) slammed the preemptive current draft of a privacy bill from Congress.
Minnesota won’t craft a law that might put the state's $652 million allocation from NTIA’s broadband equity, access and deployment (BEAD) program in jeopardy, Senate Broadband Committee Chair Aric Putnam (D) pledged shortly after midnight Tuesday. Up late considering a labor budget bill that included an industry-opposed broadband safety proposal, senators voted 35-32 to reject amendments from Sen. Gene Dornink (R) that would have scrapped the worker safety plan.