Businesses are working toward compliance with Maryland’s comprehensive privacy law, despite its differences with 19 other states' comprehensive privacy laws, two McNees privacy attorneys said in an interview with Privacy Daily on Monday. Devin Chwastyk, who co-chairs the firm’s privacy and data security group, predicted “the phone will start ringing with more vigor” as the Maryland Online Data Privacy Act’s April 1 “enforcement deadline approaches.” In addition, he said MODPA may signal the end of “cookie-cutter” state privacy bills.
The state privacy patchwork continues to change as lawmakers tinker with comprehensive laws passed in previous years, the Future of Privacy Forum said Friday as it released an update to last year’s “Anatomy of a State Comprehensive Privacy Law” report.
Privacy professionals expected more states to enact comprehensive privacy laws this year, but none of the bills introduced this year crossed the finish line, they said Thursday on a TrustArc webinar. Instead, states passed narrowly tailored privacy legislation or amendments to existing laws. In addition, several court decisions and enforcement actions drilled deep into top privacy issues, the privacy pros said.
If the last three years in state privacy "was really the bill-passing phase,” then 2026 “might be the year of enforcement,” said DBR Tech Law’s Nicole Sakin McNeill on a Wednesday webinar by Privado, a privacy compliance vendor.
There’s a lot of “basic” work companies can do to update front-facing websites and apps and avoid unnecessary attention from federal and state regulators in 2026, former FTC officials said Wednesday during a Red Clover Advisors webinar.
Vermont could next year join California in requiring browsers to include an option for activating global opt-out preference signals (OOPS). Rep. Monique Priestley (D), who also will be pursuing a comprehensive privacy bill and at least one data broker measure (see 2512040015), has a draft bill pending on “Browser Opt-Out,” among many other bills about data and AI, according to Priestley’s webpage as updated Friday.
State privacy trends this year include increased transparency requirements, enhanced protections for children and tinkering with existing privacy laws to clarify obligations and close loopholes, the Computer & Communications Industry Association said Thursday. CCIA released a report and updated maps on state privacy legislation in 2025.
Vermont Rep. Monique Priestley (D) will push again for comprehensive privacy legislation -- and probably one of two data broker bills -- when the legislature returns Jan. 8, she said in an interview last week with Privacy Daily. A series of town halls yielded much public excitement for privacy protections and potential new support from small businesses next year, said Priestley, who also will be running for state senator in 2026 (see 2510290024).
Possible federal preemption of state laws and concerns about whether the FTC has the bandwidth to enforce new kids’ privacy and safety measures came up frequently during a hearing Tuesday of the House Commerce Committee subcommittee on Commerce, Manufacturing and Trade. The session was meant to discuss nearly 20 kids’ privacy and safety bills (see 2511250080).
An Indiana Data Consumer Bill of Rights released last week by Attorney General Todd Rokita (R) informs state residents about privacy rights that they will have under the comprehensive privacy law, which takes effect Jan. 1.