CCIA 2025 Privacy Landscape One Pager
WASHINGTON – The Computer & Communications Industry Association has released a new report today examining the expansion of state-level privacy legislation in 2025. As Congress stalls on a national privacy standard, states have moved ahead with their own frameworks. The result is a growing patchwork of rules that affect consumers, businesses, and the broader digital economy.
The report identifies three major trends shaping privacy policymaking this year: increased requirements for “meaningful transparency,” expanded protections for minors, and ongoing amendments to existing privacy laws aimed at clarifying obligations and closing technical loopholes. While these trends reflect legitimate efforts to strengthen consumer protections, the report cautions that diverging state approaches may create confusion for users and additional compliance burdens for businesses operating across multiple jurisdictions.
In California, lawmakers advanced new proposals on children’s privacy, opt-out mechanisms, and data management. The California Consumer Privacy Act (CCPA) remains in an extended rulemaking process through 2025. Continued legislative activity is expected as California begins the 2026 session.
In Massachusetts, the legislature considered several consumer privacy proposals during the first half of its full-year session, although none advanced to the floor. Because these measures will carry over into 2026, Massachusetts remains a key state to watch as lawmakers evaluate how to align with or diverge from broader national trends.
In Vermont, legislators revisited comprehensive privacy reforms but did not advance new statewide protections in 2025. After Governor Scott vetoed the Vermont Data Privacy Act in 2024, two new privacy measures introduced in 2025 – S.71 and H.208 – failed to progress. Privacy reform is expected to remain a priority for state leadership ahead of the 2026 session.
Across the country, states also continued to refine existing privacy laws. The report notes that differing requirements, such as Maryland’s strict data minimization rules, highlight the challenges of navigating a fragmented privacy environment. CCIA continues to support a consistent, technology-neutral federal privacy standard that provides clear consumer rights and predictable obligations for businesses nationwide.
The report includes updated national maps outlining comprehensive state privacy laws and newly introduced legislation.
The following statement can be attributed to Megan Stokes, State Policy Director for CCIA:
“State lawmakers are continuing to explore how best to protect consumer data while supporting a healthy, competitive digital ecosystem. As these efforts evolve, it’s essential that privacy legislation be clear, workable, and aligned with the realities of how technology operates. A growing patchwork of divergent state rules risks creating confusion for consumers and unnecessary barriers for businesses of all sizes. CCIA looks forward to working with policymakers to advance privacy protections that strengthen transparency, improve user trust, and ensure consistent expectations across the country.”
