Key point: Last week, Alabama’s legislature passed a consumer data privacy bill.

Below is the thirteenth update on the status of proposed state privacy legislation in 2026. This post covers updates on proposed bills dealing with consumer data privacy, kid’s privacy, biometric privacy, data brokers, and consumer health data privacy. As always, the contents provided below are time-sensitive and subject to change.

What’s New

The big news last week was Alabama’s legislature passing a consumer data privacy bill. The business-friendly bill is now with Governor Kay Ivey. This is the second data privacy bill the Alabama legislature passed this year, with the legislature passing an app store bill in February. We will post an article on the bill once it is signed into law.

Approximately 370 miles southwest, Louisiana’s Senate passed the Louisianna Data Privacy Act. Louisiana’s legislature closes June 1.

Meanwhile, Maine lawmakers once again tried – and failed – to pass a consumer data privacy bill. The Maine legislature closes April 15.

We also saw movement with bills that amend existing consumer data privacy laws with bills in Maryland, California, Connecticut, and Minnesota advancing. Further details on the bills are below. Maryland’s legislature closes April 13.

Turning to kid’s privacy bills, Louisianna’s bill to repeal and replace its app store law was reported out of committee and is pending final House passage.

In California, lawmakers are now considering a bill that adds California Age-Appropriate Design Code Act-like provisions to the state’s Business and Professions Code.

Finally, California’s bill to amend its data broker law advanced out of a Senate committee and was referred to the Appropriations Committee. The bill amends California’s Delete Act to require data brokers to access the deletion mechanism every 30 days instead of 45 days.

Looking ahead, legislatures in five states close this week: Kentucky, Maine, Maryland, Mississippi, and Nebraska.

More details on those bills plus updates on all bill movements last week in the below post.

Consumer Data Privacy

Alabama’s legislature passed a consumer data privacy bill (HB 351) on April 7. The bill is now with Governor Kay Ivey for consideration. If signed into law, this would be the second data privacy law enacted by Alabama this session. Earlier this year, the legislature enacted an app store law.

Louisianna’s Data Privacy Act (SB 386) passed the Senate and was transferred to the House.

Maryland’s HB 711 passed out of the Senate Finance Committee and is on a final Senate floor reading. Among other things, the bill amends Maryland’s consumer data privacy law relating to the use of personal data concerning immigration enforcement. The bill previously passed the House.

In California, SB 923 unanimously passed out of the Senate Privacy, Digital Technologies, and Consumer Protection Committee and was referred to the Appropriations Committee. Among other things, the bill expands the CCPA’s right to delete to include requesting the deletion of any personal information that the business has collected about the consumer. The CCPA’s right currently only cover personal information the business obtained directly from the consumer.

In Connecticut, SB 4 was voted out of the Joint Judiciary Committee. The bill makes several amendments to Connecticut’s consumer data privacy law.

Minnesota’s consumer data privacy amendment bill (HF 2700) is now on second reading. Among other things, the bill adds consumer health provisions to Minnesota’s law.

Finally, Maine lawmakers once again tried – and failed – to pass LD 1822.

Kid’s Privacy

Louisianna’s bill (HB 977) to repeal and replace its app store law was reported out of committee and is pending final House passage.

In California, the text of Assemblymember Buffy Wicks’ AB 2246 was amended and the bill re-referred to the Assembly Committee on Privacy and Consumer Protection. The new text applies California Age-Appropriate Design Code Act-like provisions to the state’s Business and Professions Code.

Biometric Privacy

There were no updates for this category last week.

Data Broker

In California, SB 1106 unanimously passed out of the Senate Privacy, Digital Technologies, and Consumer Protection Committee and was referred to the Appropriations Committee. The bill amends California’s Delete Act to require data brokers to access the deletion mechanism every 30 days instead of 45 days.

Consumer Health Data Privacy

There were no updates for this category last week.