Law: Texas Data Privacy and Security Act (TDPSA)

Regulator: The Texas Attorney General (AG)

Summary: On June 18, 2023, the Governor of Texas signed House Bill 4 for the Texas Data Privacy and Security Act (TDPSA) which will enter into effect on July 1, 2024, although provisions on the ability of consumers to direct a third party to opt out of the processing of personal data on their behalf do not enter into effect until January 1, 2025. The TDPSA introduces obligations for data controllers and processors, including disclosure and vendor management requirements, and establishes new consumer rights such as the right to access, deletion, be informed (confirmation), and the right to opt out of targeted advertising and the sale of personal data. Furthermore, the TDPSA provides the Texas Attorney General (AG) with enforcement powers but does not provide a private right of action.

The Identity Theft Enforcement and Protection Act under Chapter 521, Title 11 of the Business and Commerce Code (the Identity Theft Act) and Chapter 33, Title 7 of the Penal Code contain general privacy provisions focusing on the protection of personally identifiable information and sensitive personal information.

In addition, Texas has a range of specific data protection laws. This includes the Act relating to the registration of and certain other requirements relating to data brokers (the Data Broker Act) which establishes regulations for data brokers in Texas and will become effective on September 1, 2023. Likewise, the Act relating to an individual's genetic data (the Genetic Data Act), which applies to direct-to-consumer genetic testing companies, also entered into force on September 1, 2023. Finally, the Securing the Children Online through Parental Empowerment Act (the SCOPE Act) provides specific protections for children's personal data and enters into force on September 1, 2024.

You can follow legislative developments in the US through the USA State Law Tracker.