State privacy legislation

employee-scaled.jpeg

With three new state privacy laws that took effect on January 1, 2026 (Indiana, Kentucky, and Rhode Island), adding to an extensive list of others, many organizations are discovering that their website privacy practices haven’t kept pace. Even those that updated their websites recently are finding hidden gaps, often due to unnoticed changes in technological tools and files, such as first and third-party cookies, third-party analytics software, and/or third-party scripts, tags, and pixels. A website audit can prevent enforcement issues and potential litigation or arbitration demands.

In October 2023, California passed the Delete Act, which, in addition to requiring data brokers to register with the state, directed Cal Privacy (f/k/a the California Privacy Protection Agency or CPPA) to create a data deletion software tool by January 1, 2026. This deletion software tool, now called the Delete Request and Opt-Out Platform (DROP), allows California residents to submit a single request to require all registered data brokers to 1) delete their personal information, and 2) stop selling or sharing that information through one verified, government‑administered process, rather than contacting hundreds of companies individually.

Keypoint: Last week, the Connecticut legislature passed an amendment to the state’s consumer data privacy law and bills advanced in Oregon, California, Texas, Nevada, Louisiana, and New York.

Below is the twenty second weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject

Keypoint: Last week, Oregon and New Jersey advanced bills to amend their state’s consumer data privacy laws, California committees advanced several bills, Nebraska enacted a social media law, and Texas advanced several social media bills.

Below is the twentieth weekly update on the status of proposed state privacy legislation in 2025. As always, the contents

Keypoint: Last week, Oregon’s legislature passed a bill to amend the state’s consumer data privacy law, the Connecticut Senate passed two bills, and there were developments with bills in New Jersey, Nebraska, Texas, Massachusetts, and Louisiana.

Below is the nineteenth weekly update on the status of proposed state privacy legislation in 2025. As always, the