Explore the latest developments concerning The Patchwork of.
The Patchwork of Data Privacy Laws: Recent Developments and Implications
The data privacy landscape in the United States continues to evolve at a rapid pace, but state-to-state changes are seldom uniform. For businesses operating across multiple jurisdictions, the challenge of maintaining compliance is increasingly complex and requires ongoing monitoring of regulatory developments. A few recent developments worth monitoring include Maryland’s new comprehensive privacy law, Rhode Island’s distinctive approach to applicability, Connecticut’s Artificial Intelligence (AI) disclosure amendment, California’s treatment of youth data as sensitive personal information, and updates to the federal Children's Online Privacy Protection Act (COPPA) framework.
Maryland’s Online Data Privacy Act (MODPA), signed into law on May 9, 2024, represents one of the most stringent state privacy regimes enacted to date. The law became effective on October 1, 2025, though it does not apply to personal data processing activities that occurred before April 1, 2026. This approximately 18-month implementation timeline, which will soon close at the time of this article's publication, has now largely elapsed, making compliance a pressing priority as organizations should anticipate enforcement efforts to begin imminently.
Big tech is watching
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
You are free to republish the text of this article both online and in print. We ask that you follow some simple guidelines:
Welcome to CommonWealth Beacon, your free, non-partisan source for in-depth news and opinion on policy, politics, and civic life. Sign up for The Saturday Send to get the latest news and commentary on the stories that matter to Massachusetts.
THE TYPE AND AMOUNT of data that technology companies can collect about their users – and how it can be used – is governed by a patchwork of state laws and sector-specific regulation in the United States. As states like Massachusetts move to tighten protections around abortion access and limit federal immigration enforcement actions locally, debates over data privacy are spilling into those conversations.
4-Slice Panini Press Grill Gourmet Sandwich Maker Stainless Steel Non-Stick Plates Opens 180 Degrees Any Food Compact Size Easy
US state privacy landscape complicates global privacy compliance
As Congress struggles to translate years of debate over a comprehensive US federal data privacy framework into law, state legislatures and attorneys general continue to drive the development of the US data privacy regulatory landscape.
While there are some federal privacy laws, these are mostly sector-specific like the Gramm-Leach-Bliley Act (GLBA) for financial institutions (FIs) or the Health Information Portability and Accountability Act (HIPAA) for certain health care entities, or narrow like the notably idiosyncratic Video Privacy Protection Act (VPPA) for companies handling audiovisual materials – a recent favourite of the plaintiff’s bar.
However, a total of 19 states have now enacted comprehensive data privacy laws that impose similar but slightly varying obligations around transparency, consumer rights, risk assessments and purpose limitations for businesses that collect and process US consumer personal data. Layered onto these comprehensive state privacy laws are more narrow state privacy laws that target only certain types of data or particular use cases.
For more detailed information, explore updates concerning The Patchwork of.
Leave a Reply