United States of America: Introduced Rhode Island Data Transparency and Privacy Protection Act in the House (H 7787)

On 29 February 2024, the Rhode Island Data Transparency and Privacy Protection Act was introduced in the Rhode Island House. The Act would mandate controllers to disclose their data collection, sharing, and processing practices and require them to identify categories of personal data collected, third parties to whom data may be disclosed, purposes for processing data, and categories of data shared with third parties. Controllers would also be required to provide a mechanism for customers to contact them and exercise their consumer rights, including opting out of data sales or targeted advertising. The Act limits data collection to what is adequate, relevant, and reasonably necessary for disclosed purposes. Certain entities, such as state bodies and nonprofit organisations, and specific data, including protected health information under HIPAA and patient-identifying information, would be exempted from the Act. The Act would not authorise the collection, storage, or disclosure of information prohibited by state or federal law. Each violation of the Act would be punished with a fine between USD 100 and USD 500.