As introduced: - Establishes a duty of loyalty for covered entities, requiring them to limit the collection, processing, and transfer of consumer data to what is strictly necessary and proportionate. - Prohibits the collection, processing, or transfer of consumer data for the purpose of cross-context behavioral advertising. - Prohibits covered entities from designing or using information technologies or data practices that materially mislead users, cause unavoidable harm, or exploit predictable biases to manipulate decision-making. - Requires covered entities to design and operate technologies in ways that reduce foreseeable harms, including mental and physical health risks, addiction-like use, bullying, harassment, and deceptive marketing. - Requires user-friendly controls by default, allowing users to limit contact, visibility of personal data, algorithmic recommendations, engagement-boosting features, geolocation sharing, and overall time spent, as well as delete accounts and data. - Requires risk-management policies and biennial public data loyalty assessments. - Requires disclosure of a privacy policy. - Creates a consumer right to access, correct, delete, and export their personal data held by a covered entity. - Requires covered entities that use algorithms posing a consequential risk of harm to conduct annual impact assessments and prohibits algorithmic discrimination. - Requires executives of large data holders to annually certify compliance to the Attorney General.
| Date | Chamber | Action |
|---|---|---|
Jan 29, 2026 | H | Read first time and referred to the Committee on Commerce and Economic Development |
| Last Action | Jan 29, 2026 |
| Year | 2025 |
| Bill Type | Bill |
| Created | Jan 29, 2026 |
| Updated | Jan 30, 2026 |