Texas Data Privacy and Security Act Signed into Law
Source: Texas Legislature | Date: 2024-07-01
Texas Data Privacy and Security Act Signed into Law marks a significant development in the rapidly evolving landscape of state privacy legislation in the United States. In the absence of comprehensive federal privacy law, states have become the primary drivers of privacy regulation, creating a patchwork of protections that varies significantly by jurisdiction but is collectively raising the baseline for privacy rights across the country.
Legislative Details
This development is part of a wave of state privacy legislation that began with the California Consumer Privacy Act (CCPA) in 2018 and has since expanded to include comprehensive privacy laws in Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Texas, Oregon, Delaware, New Jersey, New Hampshire, Kentucky, Nebraska, Maryland, Minnesota, and Rhode Island, with additional states considering legislation.
While the specific provisions vary by state, most comprehensive state privacy laws share common elements: the right to know what personal information a business collects about you, the right to delete personal information, the right to opt out of the sale or sharing of personal information, the right to correct inaccurate personal information, and protections against discrimination for exercising these rights. Some states go further, addressing sensitive data (requiring opt-in consent), biometric information, health data, children's data, or specific technologies like automated decision-making and profiling.
Privacy Impact
State privacy laws have already had measurable impact on corporate data practices. The CCPA and CPRA in California have forced companies nationwide to implement "Do Not Sell My Personal Information" mechanisms, provide data access and deletion tools, and modify their data collection practices. Virginia's VCDPA has pushed companies to implement data protection assessments. Colorado's CPA has introduced the concept of universal opt-out mechanisms, allowing consumers to signal their privacy preferences through browser settings or extensions like the Global Privacy Control.
However, the state-by-state approach also creates significant challenges. Companies face a complex compliance landscape with varying requirements across jurisdictions. Consumers in states without privacy laws lack the protections available to residents of California, Virginia, or Colorado. And enforcement resources vary dramatically — California's Privacy Protection Agency has dedicated staff and budget, while many states rely on already-stretched attorney general offices.
What This Means for You
Regardless of which state you live in, you should understand your privacy rights under applicable law. If your state has a comprehensive privacy law, exercise your rights: request your data, submit deletion requests, opt out of data sales, and file complaints when companies fail to comply. If your state does not have a privacy law, you may still benefit from the practices companies implement to comply with other states' laws — many companies apply their most protective practices nationwide rather than maintaining different systems for different states.
Contact your state legislators to advocate for strong privacy legislation if your state does not yet have a comprehensive privacy law. The momentum for state privacy legislation continues to build, and constituent advocacy plays a meaningful role in whether and how these laws are enacted. When advocating, push for laws that include a private right of action (allowing you to sue companies directly), meaningful penalties for violations, and coverage of emerging technologies like AI and biometric surveillance.
Staying Informed and Taking Action
This development is part of a broader pattern in the evolving digital privacy landscape. As technology companies, governments, and data brokers continue to expand their data collection capabilities, staying informed about privacy developments is essential for protecting yourself and advocating for stronger protections.
Practical steps you can take right now include reviewing your privacy settings on all major platforms, using privacy-focused alternatives for browsing (Firefox, Brave), search (DuckDuckGo), messaging (Signal), and email (ProtonMail). Enable two-factor authentication on all accounts, use a password manager, and regularly audit your digital footprint. Consider supporting organizations like the Electronic Frontier Foundation (EFF), the ACLU, and the Electronic Privacy Information Center (EPIC) that advocate for privacy rights through litigation, legislation, and public education.
File complaints with the FTC, your state attorney general, and relevant regulatory agencies when you encounter privacy violations. Consumer complaints drive enforcement priorities, and every report contributes to the data regulators use to identify patterns and prioritize cases. Document violations thoroughly — screenshots, emails, and timestamps create the evidentiary foundation for regulatory action and litigation.
The privacy landscape is shifting. Increased public awareness, growing regulatory enforcement, and the emergence of privacy-respecting alternatives are creating pressure for change. But lasting improvement requires sustained engagement from informed consumers who understand their rights and exercise them consistently.