As introduced: - Requires businesses to obtain affirmative opt-in consent from a consumer before collecting or processing their personally identifiable information. - Establishes the Office of Data Protection and Responsible Use to oversee compliance. - Grants consumers rights to access, correct, and delete their personal information, and to object to its processing for purposes like direct marketing or profiling. - Prohibits subjecting a consumer to a significant decision based solely on automated decision making, including profiling, except under certain conditions. - Prohibits the processing of sensitive personal information, including biometric and health data, without explicit consumer consent. - Requires data controllers to conduct data protection impact assessments for high-risk processing. - Requires notice to the state within 72 hours of a data breach, and requires notice to consumers if the breach is likely to result in a high risk to the rights and freedoms of a person.
| Date | Chamber | Action |
|---|---|---|
Jan 13, 2026 | — | Introduced in the Senate, Referred to Senate Commerce Committee |
| Last Action | Jan 13, 2026 |
| Year | 2026 |
| Bill Type | Bill |
| Created | Jan 14, 2026 |
| Updated | Jan 14, 2026 |