Bill
Bill > H7787
RI H7787
Creates the Rhode Island Data Transparency and Privacy Protect Act for data privacy protections for the personal data of the citizens of Rhode Island.
summary
Introduced
02/29/2024
02/29/2024
In Committee
06/06/2024
06/06/2024
Crossed Over
06/13/2024
06/13/2024
Passed
06/29/2024
06/29/2024
Dead
Signed/Enacted/Adopted
06/29/2024
06/29/2024
Introduced Session
2024 Regular Session
Bill Summary
This act would create the Rhode Island Data Transparency and Privacy Protect Act for data privacy protections for the personal data of the citizens of Rhode Island, requiring any person or entity that processes personal data to identify all categories of information the controller collects, when the controller may disclose such information, how a customer may exercise their customer rights, the purpose for processing the personal data, categories of personal data share with a third party, and means to contact the controller. Entities that control or process personal data of not less than 35,000 customers or at least 10,000 customers and derive more than twenty percent (20%) of gross revenue from the sale of personal data are subject to additional disclosure requirements and must allow customers the right to opt out of the collection of personally identifiable information. Any violation of this act would constitute a violation of the general regulatory provisions of commercial law and constitute a deceptive trade practice. A fine would be imposed for each violation of not less than one hundred dollars ($100) and no more than five hundred dollars ($500). This act would take effect on January 1, 2026.
AI Summary
This bill creates the Rhode Island Data Transparency and Privacy Protect Act, which establishes data privacy protections for the personal data of citizens of Rhode Island. The key provisions include:
- Requiring commercial websites and internet service providers that collect and sell customers' personal data to disclose what information they collect, who they sell it to, and how customers can contact them.
- Applying additional disclosure and opt-out requirements to entities that control or process personal data of at least 35,000 customers or at least 10,000 customers from whom they derive over 20% of revenue from data sales.
- Granting customers various rights, such as confirming if their data is being processed, correcting inaccuracies, obtaining copies of their data, and opting out of targeted advertising, data sales, and certain automated decision-making.
- Establishing responsibilities for controllers and processors of personal data, including conducting data protection assessments for high-risk processing activities.
- Violations would constitute deceptive trade practices, with fines of $100-$500 per violation. The Attorney General has enforcement authority.
The bill exempts certain entities and data types, such as those regulated by HIPAA, the Fair Credit Reporting Act, and other federal laws. It takes effect on January 1, 2026.
Committee Categories
Business and Industry
Sponsors (10)
Evan Shanley (D)*,
Jose Batista (D),
Robert Craven (D),
Matthew Dawson (D),
Susan Donovan (D),
Jay Edwards (D),
Arthur Handy (D),
Joseph Solomon (D),
Camille Vella Wilkinson (D),
Brandon Voas (D),
Last Action
Effective without Governor's signature (on 06/29/2024)
Official Document
bill text
bill summary
Loading...
bill summary
Loading...
bill summary
| Document Type | Source Location |
|---|---|
| State Bill Page | https://status.rilegislature.gov/ |
| BillText | https://webserver.rilegislature.gov/BillText24/HouseText24/H7787Aaa.pdf |
| BillText | https://webserver.rilegislature.gov/BillText24/HouseText24/H7787A.pdf |
| BillText | https://webserver.rilegislature.gov/BillText24/HouseText24/H7787.pdf |
Loading...