Free subscription to the Capitol Journal keeps you current on legislative and regulatory news.
CA Senate Approves AI Companion Chatbots Safety Bill California’s Senate passed a bill ( SB 243 ) that would require artificial intelligence-powered companion chatbot platforms to remind users...
OR Lawmakers Close to Approving Unemployment for Striking Workers The Oregon House passed a bill ( SB 916 ) that would allow striking workers to receive unemployment benefits for up to 26 weeks. The...
CO Changes Way PBMs Paid Colorado Gov. Jared Polis (D) signed a bill ( HB 1094 ) that, among other things, will allow pharmacy benefit managers, starting in 2027, to only be paid a flat service fee instead...
LA Homeowners Sue Insurers over Inadequate Fire Coverage Victims of the Los Angeles wildfires in January have filed a pair of lawsuits claiming USAA, a Texas-based insurer that serves members of the...
A year ago, after the passage of a couple of strong data privacy laws in Maryland and Vermont, we wondered if states were starting to get tougher on consumer privacy . Even though this issue remains...
* The views expressed in externally authored materials linked or published on this site do not necessarily reflect the views of LexisNexis Legal & Professional.
A year ago, after the passage of a couple of strong data privacy laws in Maryland and Vermont, we wondered if states were starting to get tougher on consumer privacy.
Even though this issue remains of high interest to state legislators—with 39 comprehensive consumer privacy bills having been considered in 18 states as of late May, according to the International Association of Privacy Professionals (IAPP)—another joint report by the Electronic Privacy Information Center (EPIC) and the Public Interest Research Group (PIRG) found that recently enacted state data privacy laws still "largely fail to adequately protect consumers."
Last year, the two groups gave six of the 14 state laws that had been enacted at that time a grade of F for how well they protect consumers’ privacy. Another three received Ds and two got C-minuses, adding up to a grand total of 11 state comprehensive privacy laws (nearly 80%) with fairly poor grades.
The groups took another stab at grading the existing laws, and they didn’t fare much better. This year, the groups gave nine of the 19 existing state laws failing grades (Indiana, Iowa, Kentucky, Nebraska, Rhode Island, Tennessee, Texas, Utah and Virginia).
Three states—Connecticut, Montana and New Hampshire—received Ds. Three more—Delaware, Minnesota and Oregon—got C-minuses. New Jersey scored a C. Colorado a C-plus, Maryland a B-minus, and California a B-plus.
That’s 15 of 19 (79%) with poor grades. A one-percentage-point increase over last year.
EPIC and PIRG didn't pull any punches when explaining why these grades are so dismal: “Big Tech has played a big role in the passage of weak state privacy bills. Of the 19 laws states have passed so far, the vast majority closely follow a model that was initially drafted by industry giants such as Amazon.”
Their report continues: “Laws should not be written by the companies they regulate. Allowing Big Tech to shape our privacy rules enables them to consolidate their already outsized power in the economy and in our lives. Privacy rules should balance the scale in favor of the billions of people who rely on the internet in their day-to-day lives.”
You’ll note that Vermont wasn’t listed among the states graded by EPIC and PIRG this year. That’s because the bill that was passed there—HB 121—was vetoed by the state’s governor, Phil Scott (R).
Scott’s veto came after NetChoice, a trade group whose members include online businesses like Google, Meta, Yahoo! and TikTok urged the governor to block it, claiming it would “chill lawful speech” and spark needless litigation.
Vermont Rep. Monique Priestley (D), a sponsor of the bill, blasted the veto, saying, “I am deeply disappointed, though not surprised, that the governor succumbed to lobbyist pressures and failed to pass legislation vital to protecting Vermonters of all ages from the sale and abuse of their sensitive data.”
Scott said he disliked the bill because it included a novel private right of action provision and because it featured “unique expansive definitions” that would “create big and expensive burdens and competitive disadvantages” for small and mid-sized businesses.
At any rate, one of the toughest consumer data privacy bills passed in the nation so far failed to become law.
As of April 30, 39 comprehensive data privacy bills had been introduced in 18 states, according to the IAPP’s State Privacy Legislation Tracker. The number of bills is just slightly below last year’s total of 41, seven of which were enacted.
<p> </p>
Despite EPIC and PIRG's criticism of the recently enacted data privacy laws, state legislators still seem motivated to tackle the issue, judging by the volume of legislation being tracked by the IAPP. As IAPP put it, “State-level momentum for comprehensive privacy bills is at an all-time high.”
—By SNCJ Correspondent BRIAN JOSEPH
Visit our webpage to connect with a LexisNexis® State Net® representative and learn how the State Net legislative and regulatory tracking service can help you identify, track, analyze and report on relevant legislative and regulatory developments.