United States of America: Consumer Privacy Act (SB 757) was introduced to Senate of North Carolina

On 25 March 2025, the Consumer Privacy Act (SB 757) was introduced to the Senate of North Carolina. The Act applies to businesses operating in or providing services to the residents of the state with annual revenues of at least USD 25 million and either processing data of 100,000 or more consumers or deriving at least 50% of gross revenue from selling personal data of 25,000 or more consumers. The Act grants consumers rights to access, delete, and port their data, and to opt out of targeted advertising and data sales. It requires controllers to respond to requests within 45 days, publish clear privacy notices, and obtain opt-in consent for sensitive data processing, with additional safeguards for children’s data aligned with Children's Online Privacy Protection Act. Pseudonymous and de-identified data are exempt from consumer rights obligations if safeguards are in place. The Act provides that enforcement lies solely with the Attorney General and penalties may reach USD 7,500 per violation.