Washington – The Computer & Communications Industry Association released its wrap up of state legislative activity around online privacy this past session with its State Privacy Landscape report. The legislative year ended with 136 privacy bills in over 30 states still under consideration and six more comprehensive state privacy laws added.
Kentucky, Maryland, Minnesota, Nebraska, New Hampshire, and Rhode Island successfully signed new comprehensive privacy bills into law, bringing the total to 20 states that have done so.
CCIA has advocated for comprehensive federal privacy legislation and supported baseline privacy measures for 25 years.
The following may be attributed to CCIA Northeast Regional Policy Manager Alex Spyropulos:
“It is understandable for states to move ahead with privacy protections due to the lack of federal action to establish baseline privacy rules. Much of the activity around new privacy protections took place in northeastern states this year with New Hampshire and Rhode Island passing privacy bills while Maine and Vermont failed to get data privacy laws across the finish line. Some of the conflicts within states that didn’t ultimately pass bills were due to disagreements over standards or definitions and trying to match those with Europe’s privacy laws. In 2025, New England has the potential to become the first region in the country in which all states have passed a data privacy law, and CCIA looks forward to continuing conversations in Maine, Vermont, and Massachusetts.”
The following can be attributed to CCIA State Policy Manager Jordan Rodell:
“With over a third of states enacting privacy laws, we are closely monitoring whether more states will coalesce around similar rules and definitions. This consistency would not only help consumers understand their rights across state lines but also make compliance more manageable for businesses, regardless of size. However, Maryland and Minnesota have adopted frameworks that diverge from the prevailing models, which could pose implementation challenges, particularly for smaller businesses. States that have yet to enact comprehensive privacy laws should make it a priority in the coming year, focusing on consistent standards and guidelines to avoid a fragmented, patchwork system.”
