United States of America: Arkansas Digital Responsibility Safety and Trust Bill (SB 258) including data protection regulation was introduced to Senate

On 19 February 2025, the Arkansas Digital Responsibility, Safety, and Trust Bill (SB 258) was introduced to the Senate. The Bill requires data controllers to conduct data protection assessments for activities that pose a heightened risk of harm to consumers, such as targeted advertising, the sale of personal data, profiling, and the processing of sensitive data. These assessments must weigh the benefits of data processing against the potential risks to consumer rights and implement safeguards to mitigate those risks. Additionally, controllers are required to adhere to the principle of data minimisation, limiting the collection of personal data to what is necessary for specified purposes. They must also ensure that de-identified data cannot be re-identified and are subject to contractual obligations to prevent misuse.