The Computer & Communications Industry Association (CCIA) has released its State Privacy Landscape report, summarizing the state legislative activity on online privacy during the past session. As the legislative year concluded, 136 privacy bills across more than 30 states remained under consideration, while six new comprehensive state privacy laws were enacted.
Kentucky, Maryland, Minnesota, Nebraska, New Hampshire, and Rhode Island have signed new comprehensive privacy bills into law. This brings the total number of states with such laws to 20. The CCIA has been a long-time advocate for comprehensive federal privacy legislation and has supported baseline privacy measures for 25 years.
Alex Spyropulos, CCIA's Northeast Regional Policy Manager, commented on the situation: “It is understandable for states to move ahead with privacy protections due to the lack of federal action to establish baseline privacy rules. Much of the activity around new privacy protections took place in northeastern states this year with New Hampshire and Rhode Island passing privacy bills while Maine and Vermont failed to get data privacy laws across the finish line. Some of the conflicts within states that didn’t ultimately pass bills were due to disagreements over standards or definitions and trying to match those with Europe’s privacy laws. In 2025, New England has the potential to become the first region in the country in which all states have passed a data privacy law, and CCIA looks forward to continuing conversations in Maine, Vermont, and Massachusetts.”
Jordan Rodell, CCIA State Policy Manager, highlighted ongoing developments: “With over a third of states enacting privacy laws, we are closely monitoring whether more states will coalesce around similar rules and definitions. This consistency would not only help consumers understand their rights across state lines but also make compliance more manageable for businesses regardless of size. However, Maryland and Minnesota have adopted frameworks that diverge from the prevailing models which could pose implementation challenges particularly for smaller businesses. States that have yet to enact comprehensive privacy laws should make it a priority in the coming year focusing on consistent standards and guidelines to avoid a fragmented patchwork system.”
