Law professor Daniel Solove writes:
The year kicked off with several privacy laws coming into effect, and there are several more scheduled to become active this year. Here’s a current list:
- Iowa (January 1, 2025)
- Delaware (January 1, 2025)
- Nebraska (January 1, 2025)
- New Hampshire (January 1, 2025)
- New Jersey (January 15, 2025)
- Tennessee (July 1, 2025)
- Minnesota (July 31, 2025)
- Maryland (October 1, 2025)
With about 20 states with a consumer privacy law (plus a growing number of subject-specific state privacy laws), the landscape is becoming unwieldy. But the laws share a lot of similarities, so it’s far from total madness.
Key Similarities and Differences
Here’s some help in cutting through the madness.
- All state consumer privacy laws are extraterritorial
- Unlike the GDPR, which applies to all types of entities, most state laws apply only to for-profit companies (exceptions: MN, DE, NJ, CO, OR, MD).
- Unlike the GDPR, nearly all state privacy laws don’t apply to the government (because in the U.S., governments hate to follow rules like everyone else) .
- Most define personal data similarly to the GDPR.
- Unlike the GDPR, most have thresholds to exclude small business (but thresholds vary).
Read more on LinkedIn.