Keypoint: Texas enacts two amendments to its data broker law while New York’s legislature passes a social media warning bill.
Below is the twenty fourth weekly update on the status of proposed state privacy legislation in 2025. As always, the contents provided below are time-sensitive and subject to change.
Table of Contents
- What’s New
- AI Bills
- Bill Tracker Chart
1. What’s New
The big news this week comes out of Texas where Governor Abbott signed the two data broker amendment bills into law – SB 2121 and SB 1343. Both amendments go into effect September 1, 2025.
SB 1343 modifies the law’s notice provisions to require data brokers to inform consumers how to exercise any rights they may have under the state’s data privacy law.
SB 2121 modifies the law’s definition of data broker to remove the requirement that the sale of data be the entity’s principal source of revenue. The definition will now state that a data broker is a “business entity that collects, processes, or transfers personal data that the business entity did not collect directly from the individual linked or linkable to the data. The bill also changes the law’s applicability section. The law will now state that it applies to a data broker that, in a 12-month period, derives “(1) more than 50 percent of the data broker’s revenue directly from processing or transferring personal data not collected by the data broker directly from the individuals to whom the data pertains; or (2) revenue directly from processing or transferring the personal data of more than 50,000 individuals not collected by the data broker directly from the individuals to whom the data pertains.
The bill analysis for SB 2121 explains that “state law relating to data brokers contains a discrepancy between the definition of data broker and the statutes that establish the applicability of such law. [D]ata brokers have attempted to use this textual discrepancy to argue that the law does not apply to them, which harms consumers and decreases vital transparency measures[.] [T]he Office of the Attorney General has requested these errors to be corrected. C.S.S.B. 2121 seeks to correct the discrepancy so the law applies to the intended companies and is applied as originally intended.”
Meanwhile, prior to closing for the year on June 17, New York’s legislature passed S4505. The bill makes it unlawful for covered operators to provide “an addictive feed, autoplay, infinite scroll, like counts and/or push notifications to a covered user unless such operator displays a warning label each time that such user accesses such operator’s addictive social media platform.”
Overall, we tracked thirty two bills filed in New York this year. The only other bill to pass the legislature was the New York Health Information Privacy Act (S 929), which still has not been sent to the governor. We provided a summary of that bill here.
2. AI Bills
Our latest edition of Byte Back AI is now available to subscribers. Subscriptions start as low as $50/month. In this edition, we provide:
- Updates on new laws in Texas and bills passing the legislatures in Maine, New York, and Rhode Island.
- Our special feature this week – a summary of Nevada’s AB 325 (AI in emergency management).
- Our “three things to know this week.”
- An updated state AI bill tracker chart.
Click here for more information on paid subscriptions.
3. Bill Tracker Chart
For more information on all of the privacy bills introduced to date, including links to the bills, bill status, last action, and hearing dates, please see our bill tracker chart.