Book a Demo

Alabama Data Privacy Law

Alabama
Alaska
Arizona
Arkansas
California
Colorado
Connecticut
Delaware Personal
Florida
Georgia
Hawaii
Idaho
Illinois 
Indiana
Iowa
Kansas
Kentucky
Maine
Maryland
Massachusetts
Michigan
Minnesota
Mississippi
Missouri
Montana
Nebraska
Nevada
New Hampshire
New Jersey
New Mexico
New York
North Carolina
North Dakota
Ohio
Oklahoma
Oregon
Pennsylvania
Rhode Island
South Carolina
South Dakota
Tennessee
Texas
Utah
Vermont
Virginia
Washington
West Virginia
Wisconsin
Wyoming
Alabama Data Privacy Law
  • Status: No Comprehensive Bill Introduced Yet

​​Alabama Personal Data Protection Act (HB 283) – 2025 Update

Alabama is making strides in the data privacy space with the house passing HB 283, the Alabama Personal Data Protection Act. As of April 29, 2025, the bill is still making its way through the state senate.

What’s in the Bill?

Here’s a breakdown of what HB 283 proposes:

  • Consumer Rights: The bill grants consumers key rights over their personal data, including:
    • Access to their personal data and information about its processing.
    • The ability to correct inaccurate data.
    • The right to delete personal data.
    • Data portability to move their data across platforms.
    • The ability to opt out of personal data processing for things like targeted advertising.
  • Obligations for Businesses: Businesses (referred to as “controllers”) will have to:
    • Implement secure methods for consumers to exercise their rights.
    • Provide privacy notices that clearly outline how consumer data is used and shared.
    • Ensure data security to protect consumers’ personal information.
  • Enforcement: The Alabama Attorney General will have the authority to enforce the provisions of the law, including penalties for non-compliance.
  • Exemptions: Certain exemptions apply, including those related to de-identified data and situations where data is required for legal processes.

What’s Next?

The bill is currently in the Alabama Senate’s Fiscal Responsibility and Economic Development Committee. With the legislative session wrapping up on May 15, 2025, we’ll be watching closely to see if HB 283 passes through the Senate. If it does, we could see new data privacy protections go into effect by October 1, 2025.

As of April 2025, Alabama has not yet proposed a comprehensive Alabama consumer privacy act or an Alabama Online Privacy Act.

On the debating table now is a narrower Alabama data privacy law named SB59, also referred to as The Personal Privacy Protection Act. The bill aims to protect the privacy of members, supporters, volunteers, or donors of a nonprofit organization.

It is important to note that under existing law, a public agency is not prohibited from disclosing certain personal information that identifies a person as a member, supporter, volunteer, or donor of a 501(c) nonprofit organization.

The bill would prohibit a public agency from disclosing personal information or requiring its disclosure, except as required by law. In addition, the bill would provide for civil and criminal penalties for violations.

Interestingly, Alabama’s constitution prohibits a general law whose purpose or effect would be to require a new or increased expenditure of local funds from becoming effective with regard to a local governmental entity without enactment by a ⅔ vote unless

  • it comes within one of a number of specified exceptions
  • it is approved by the affected entity
  • the Legislature appropriates funds, or provides a local source of revenue, to the entity for the purpose.

In reality, this bill would require a new or increased expenditure of local funds within the meaning of the amendment. However, the bill does not require approval of a local governmental entity or enactment by a 2/3 vote to become effective because the bill defines a new crime or

amends the definition of an existing crime, as explained in the state constitution.

SB 59 relates to the disclosure of certain personal information and is titled The Personal

Privacy Protection Act. Let’s run through the contents of the bill.

Definition of Terms

Nonprofit Organization

An entity that is exempt from federal income tax under Section 501(c) of the IRS or is a nonprofit business entity recognized under state law.

Personal Information

Any list, record, register, registry, roll, roster, or other compilation of data of any kind that directly or indirectly identifies a person as a member, supporter, volunteer, or donor of financial or nonfinancial support to any nonprofit organization.

Public Agency

Any department, agency, office, commission, board, division, or other entity of this state, or

of any political subdivision of this state.

Requirements for Public Agencies

A public agency shall not do any of the following:

  • Require any person or nonprofit organization to provide the public agency with personal information or otherwise compel the release of personal information.
  • Release, publicize, or otherwise publicly disclose personal information in its possession.
  • Request or require a current or prospective contractor or grantee of the public agency to provide a list of nonprofit organizations to which the current or prospective contractor or grantee has provided financial or nonfinancial support.

Exemptions

  • Any report or disclosure required by The Fair Campaign Practices Act, Chapter 5 of Title 17, Code of Alabama 1975, or any successor provisions thereto.
  • Any lawful warrant for personal information issued by a court of competent jurisdiction.
  • Any lawful request for discovery of personal information in litigation if all written conditions are met.
  • Admission of personal information as relevant evidence before a court of competent jurisdiction; however, no court shall publicly reveal personal information absent a specific finding of good cause.
  • A release of personal information by any public agency if the information had previously been voluntarily released to the public either by the person to which it pertains or by a nonprofit organization to which the person is a donor.
  • The keeping of filings, certificates, and other public records that disclose the identity of any director, officer, registered agent, or incorporator of a nonprofit organization in any report or disclosure required by law to be filed with the Secretary of State, except that information that directly identifies a person as a donor of financial support to a nonprofit organization, shall not be collected or disclosed.
  • Disclosure of personal information derived from a donation to a nonprofit organization affiliated with a public agency as required by law, if the person has not previously requested anonymity from the nonprofit organization.

Conclusion

This act, if passed, will become effective on the first day of the third month following its passage and approval by the Governor, or its otherwise becoming law.

Sign up for our Data Privacy Tracker with monthly updates on the latest news and developments

500 7th Avenue New York, NY 10018

Contact Us

PLATFORM

SERVICES

USE CASES

CENTRALEYES+

STANDARDS

INDUSTRIES

PARTNERS

RESOURCES

COMPANY

GUIDES

© Copyright 2025 by Centraleyes Tech Ltd | Privacy Policy

Sign up for our Centraleyes
Intelligence Report

500 7th Avenue New York, NY 10018

Contact Us

PLATFORM

STANDARDS

CENTRALEYES+

INDUSTRIES

USE CASES

COMPANY

RESOURCES

GUIDES

PARTNERS

© Copyright 2025 by Centraleyes Tech Ltd |  Privacy Policy
Book a Demo
Partner Login

Try the Centraleyes
Risk & Compliance

Free for 30 Days

Skip to content