Washington – The Computer & Communications Industry Association is testifying today before the New Mexico Senate Health and Public Affairs Committee in opposition to SB 53, warning that the proposal would depart sharply from established state privacy frameworks and could unintentionally harm consumers, small businesses, and innovation across the state.
While CCIA supports strong privacy protections for New Mexicans, SB 53 takes an unprecedented approach that conflicts with comprehensive privacy laws already adopted in more than 20 states. By creating unique and restrictive standards around data processing, consent, and liability, the bill risks making New Mexico an outlier and a more difficult environment for digital commerce.
SB 53 would prohibit most data processing unless it is deemed “necessary,” a standard that lacks a clear legal or technical definition. This uncertainty could force companies to limit functionality, reduce services, or offer only basic versions of products in New Mexico. All of which would leave New Mexicans with fewer features and diminished digital experiences than consumers in neighboring states.
The bill would also significantly expand government oversight by applying to entities that process data from as few as 15,000 consumers, far below the 100,000-consumer threshold used in states like Virginia and Utah. This lower threshold would capture small and mid-sized New Mexico businesses that lack the legal resources to navigate complex compliance requirements.
CCIA is particularly concerned with the bill’s treatment of “derived data,” which includes inferences, predictions, and assumptions. Unlike other state privacy laws, SB 53 regulates these analytical outputs as personal data. This could make routine functions such as content recommendations, service improvements, and artificial intelligence systems legally risky or infeasible.
In addition, SB 53 establishes a private right of action for any alleged violation of the law. Unlike California’s limited approach, which restricts private lawsuits to data breaches, SB 53 would allow litigation over subjective disagreements about whether data use was “necessary.” This provision could incentivize costly class-action lawsuits and discourage companies from operating or innovating in the state.
CCIA supports privacy legislation that reflects lessons learned from other states and balances consumer protection with economic competitiveness. SB 53, as drafted, risks isolating New Mexico’s digital economy and frustrating consumers with excessive consent requirements and reduced services.
The following statement can be attributed to Aodhan Downey, West Region State Policy Manager for CCIA, who will testify against the bill:
“Protecting the privacy of New Mexicans is an important shared goal. Unfortunately, SB 53 departs significantly from the privacy frameworks that have already been successfully implemented across the country. The bill’s expansive definitions of personal data and unprecedented private right of action create serious uncertainty for businesses, especially small and emerging companies. We urge lawmakers to build on proven models that protect privacy while keeping New Mexico competitive, innovative, and open to the technologies that consumers rely on every day.”
