Texas
Summary
Law: Texas Data Privacy and Security Act (TDPSA)
Regulator: The Texas Attorney General (AG)
Summary: The TDPSA entered into effect on July 1, 2024, following its enactment on June 18, 2023. Notably, the provisions on the ability of consumers to direct a third party to opt out of the processing of personal data on their behalf do not enter into effect until January 1, 2025. The Act introduces obligations for data controllers and processors including disclosure as well as vendor management requirements and establishes new consumer rights such as the right to access, delete, be informed (confirmation), and the right to opt out of targeted advertising and the sale of personal data. Furthermore, the Act provides the AG with enforcement powers but does not provide a private right of action.
In addition, the Identity Theft Enforcement and Protection Act (the Identity Theft Act), under Chapter 521, Title 11 of the Business and Commerce Code, and Chapter 33, Title 7 of the Penal Code, contain general privacy provisions focusing on the protection of personal identifying information and sensitive personal information. Furthermore, Texas has a range of sector-specific privacy regulations governing health data, financial data, biometric data, and unsolicited commercial communications. This includes an Act relating to an individual's genetic data, regulating the use of direct-to-consumer genetic testing companies, which entered into force on September 1, 2023.