Iubenda logo
Start generating

Documentation

Table of Contents

Texas New Data Privacy Law TDPSA: Everything you need to know

📣 The Texas legislature recently passed HB 4, known as the Texas Data Privacy and Security Act (TDPSA).

On June 18, 2023, Texas marked a significant legislative milestone by becoming the 10th state to adopt a comprehensive privacy law. Following the likes of ColoradoVirginiaUtah, and Connecticut, here’s everything you need to know about Texas’ new privacy law 👇

HB 4

The Journey of HB 4

Passed on May 28 via a conference committee, the bill was signed into law by Gov. Greg Abbott on June 18. Texas’ bill is set to be effective from July 1, 2024, ahead of some other states.

A comparison with other state laws shows some unique features in the Texas bill, with Virginia’s legislation serving as its primary foundation.

What are the Key Features of HB 4?

  1. Coverage Thresholds: Unlike other states that base their applicability on monetary values, Texas has introduced a novel three-factor applicability standard.
  2. Opt-out Mechanisms:By January 1, 2025, there’s a requirement for the acknowledgment of universal opt-out mechanisms.
  3. Opt-in and Opt-out Provisions: The bill mandates opt-in consent for sensitive data collection and processing, along with opt-outs for targeted advertising, data sales, and profiling.
  4. Data Protection Measures: These include data protection assessments, clauses on “dark patterns,” and a notable 30-day cure provision.

Definition of Sensitive Data Under the TDPSA

The TDPSA categorizes sensitive data extensively, including personal details that reveal racial or ethnic origin, religious beliefs, health diagnoses, sexual orientation, citizenship status, genetic and biometric data for identification, data collected from children, and precise geolocation data.

Who does TDPSA apply to?

Texas new data privacy law has set a new standard by establishing the following criteria for entities that:

  • Operate in Texas or produce services or goods consumed by its residents.
  • Process or engage in personal data sales.
  • Do not qualify as a “small business” as per the U.S. Small Business Administration.

Implications for Small Businesses

The TDPSA sets specific criteria for defining small businesses based on employee numbers or annual receipts, with different thresholds for various industries. Even as small businesses may be exempt from some provisions, they are still required to comply with consent requirements for sensitive data sales.

With the signing of the Texas Data Privacy and Security Act into law on June 18, 2023, businesses, policymakers, and consumers eagerly anticipate its enforcement, as Texas cements its position on data privacy. The law, while echoing some existing provisions, definitely charts new territories, emphasizing the state’s commitment to safeguarding its residents’ data privacy.

Consumer Rights Under the TDPSA

Consumers are granted several rights, including the right to access, correct, delete their personal data, receive a portable copy of their data, opt-out of certain processing activities, and not be discriminated against for exercising their rights.

Exercise of Rights and Controller Obligations

Consumers can exercise their rights at any time, and controllers must respond within 45 days. Controllers are required to establish secure methods for consumers to submit requests, obtain consent for processing sensitive data, and provide clear privacy notices. Additionally, starting January 1, 2025, controllers must enable consumers to opt-out of targeted advertising and data sales through browser settings or device configurations.

Mitigate risks and demonstrate commitment to protecting your consumers’ privacy

Take action now

Still have questions?

Attend one of our free webinars Email us Live chat