US state privacy bills on the horizon in 2023
US state privacy bills on the horizon in...

US state privacy bills on the horizon in 2023

Stay up to date with the latest news in US state privacy law, with bill highlights, legislation status, as well as resources to help your organization stay compliant

Param Gopalasamy Content Marketing Specialist, CIPP/E, CIPM

clock4 Min Read

Featured Image

*Last updated on 01/19/23

There’s a lot of movement in the US state privacy landscape heading into 2023. With the California Privacy Rights Act (CPRA) and Virginia’s Consumer Data Protection Act (CDPA) in effect as of January 1, 2023, the Colorado Privacy Act (CPA) and Connecticut Data Protection Act (CTDPA) going into effect in July 2023, and the Utah Consumer Privacy Act (UCPA) going into effect at the end of the year on December 31, 2023 – that’s five new regulations to keep an eye on and ensure compliance with already.  

To top that off, many new states are also proposing their respective privacy bills forward. So far, we’ve got seven new states with comprehensive state laws in the works, along with an amendment to Virginia’s CDPA. However, privacy bills are much easier to come by than privacy laws. We’ve seen multiple bills introduced to the house and senate floors over the past couple years, only to be stopped in their tracks, with American Data Privacy Protection Act (ADPPA) being the most recent example at the federal level. Let’s look at the legislation proposed in 2023.  

Legislation spotlight

State: New York (New York Privacy Act)

Bill Highlights:

  • Opt-in is required for processing sensitive data  
  • Private right of action for violation of opt-out rights 
  • Requirements for data protection impact assessments (DPIAs) 
  • Targeted advertising is not considered “necessary” to provide services or goods to consumers 
  • Consumers have the avenue to appeal decisions from automated decision making, assessment is required to determine if the system has discriminatory results  

State: Virginia (Amendment relating to the CDPA)

Bill Highlights:

  • Verifiable parental consent is required regarding children’s data (can be verified through government ID, payment systems, or a signed consent form)
  • Parents have the option to consent to the collection and use of the child’s personal data without consent to its disclosure to third-parties
  • “Child” is now redefined as being younger than 18 (previously younger than 13)

State: Kentucky (An Act relating to consumer data privacy)

Bill Highlights:

  • Right to opt-out of targeted advertising, tracking, and sale or sharing of personal data 
  • Universal preference signals, such as the GPC, must be honored by businesses 
  • Controller requirement for quarterly reporting to the AG and Legislative Research Commission including categories and amount of personal data processed, as well as the number of identifiable consumers 

State: Tennessee (Tennessee Information Protection Act)

Bill Highlights:

  • Data minimization practices are mentioned, controllers must limit data collection to “what is adequate, relevant, and reasonably necessary” for the purpose 
  • Right to opt-out of the sale of personal information 
  • Data protection assessments are required in the case of targeted advertising, sale of personal information, profiling, sensitive data processing, and any other processing that poses a “heightened risk of harm” to consumers 

States with privacy legislation underway

How OneTrust can help your organization with privacy compliance 

With 5 new laws coming into effect and even more on the horizon, staying on top of privacy compliance requires the right expertise. Take a look at our resources below to learn more about how your organization can stay compliant and be prepared for new privacy legislation as well.  

The ultimate guide to US privacyUse this guide to learn exactly what measures your organization needs to take to comply with the new regulations coming into effect.  

Comprehensive US privacy law book: Have the law at your fingertips with this law book that lays out the text of all major US state privacy laws.  

US privacy masterclass webinar series: View our US privacy masterclass webinars on-demand to get advice from OneTrust’s privacy experts on different areas to watch out for when going about privacy compliance.  

OneTrust DataGuidance: Get the regulatory research, privacy news, and legal guidance you need from our DataGuidance portal, powered by privacy and legal experts from around the world. This includes coverage of 300 jurisdictions, updates in 100 languages, and 500 lawyers providing their expertise with real-time regulatory updates. Monitor regulations that apply to your organization and get advice from analysts to make sure your data policies are up to date and compliant. 

You Might Also Be Interested In


JANUARY 25, 2023

Your guide to celebrating Data Privacy Day 2023

JANUARY 17, 2023

Speak-up culture toolkit: Leveraging disclosure data to drive a speak-up culture

JANUARY 13, 2023

Addressing UK app Code of Practice requirements with OneTrust

JANUARY 12, 2023

Ultimate guide to the EU CSRD ESG regulation for businesses

JANUARY 11, 2023

Continuous improvement: The leading indicator for successful compliance programs

JANUARY 10, 2023

Build trust, promote your program in the Third-Party Risk Exchange

JANUARY 9, 2023

Building trust in a zero trust world

JANUARY 9, 2023

Consent management by the numbers: 2022 DMA report summary

BackToTop
Onetrust All Rights Reserved