Key point: Connecticut’s Senate passed a bill to amend the state’s consumer data privacy law and create a new data broker registration law while bills advanced in California, Colorado, Delaware, and Louisianna.
Below is the fifteenth update on the status of proposed state privacy legislation in 2026. This post covers updates on proposed bills dealing with consumer data privacy, kid’s privacy, biometric privacy, data brokers, and consumer health data privacy. As always, the contents provided below are time-sensitive and subject to change.
What’s New
Two consumer data privacy amendment bills advanced last week. In Connecticut, Senator Maroney’s SB 4 passed the Senate. The bill amends Connecticut’s existing law and also creates a new data broker registration law. Meanwhile, a bill to amend Delaware’s law passed out of a committee.
Four bills passed out of California committees. Of particular note, SB 1104 now revises California’s data broker law to define “direct relationship” and add new disclosure categories when registering. The bill also requires the Office of Data and Innovation to establish a privacy preference profile tool that allows consumers to define and store a privacy preference profile and use the profile to identify relevant privacy and data management practices and policies that are consistent with their preferences so that they can make informed decisions with regard to their personal information. The tool would be made available to the California Privacy Protection Agency. A separate bill to require data brokers to access the DROP platform every 30 days (instead of 45 days) also advanced. The other two bills deal with kid’s privacy and default privacy settings.
Finally, two kid’s privacy bills advanced last week. A Colorado House committee advanced an age attestation bill. The bill previously passed the Senate but was significantly amended in the House. Meanwhile, Louisianna’s House passed a bill to repeal and replace the state’s app store law.
More details on those bills plus updates on all bill movements last week in the below post.
Consumer Data Privacy
In Connecticut, Senator Maroney’s SB 4 passed the Senate by a 31-4 vote. Among other things, the bill revises Connecticut’s consumer data privacy law and creates a new data broker registration law.
Delaware’s HB 380 passed out of the House Technology and Telecommunications Committee and was placed on the ready list. The bill significantly amends Delaware’s consumer data privacy law.
Kid’s Privacy
In Colorado, an amended SB 51 (Age Attestation on Computing Devices) narrowly passed out of the House Committee on Business Affairs & Labor and was referred to the House floor.
Louisiana’s HB 977 unanimously passed the House. The bill repeals and replaces Louisiana’s app store law.
In California, an amended AB 2246 passed out of the Assembly Judiciary Committee. The bill prohibits covered platforms from allowing users under 16 years of age to create or maintain an account. It also establishes an e-Safety Advisory Commission.
Biometric Privacy
There were no updates for this category last week.
Data Broker
In California, an amended SB 1104 passed out of Senate Privacy, Digital Technologies, and Consumer Protection Committee and was referred to the Appropriations Committee. The bill revises California’s data broker law.
Meanwhile, California’s SB 1106 passed out of the Senate Appropriations Committee and is on a third reading. The bill requires data brokers to access the DROP system every 30 days instead of every 45 days.
Consumer Health Data Privacy
There were no updates for this category last week.
Other
In California, an amended AB 2561 passed out of the Assembly Privacy and Consumer Protection Committee. The bill requires an operating system or an application to configure a user’s default privacy setting to be the most privacy protective setting offered by the operating system or application and prohibits an operating system or an application from changing a user’s privacy setting without the user’s explicit consent.