Book a Demo

State Privacy Law Tracker: Rhode Island

Alabama
Alaska
Arizona
Arkansas
California
Colorado
Connecticut
Delaware
Florida
Georgia
Hawaii
Idaho
Illinois 
Indiana
Iowa
Kansas
Kentucky
Maine
Maryland
Massachusetts
Michigan
Minnesota
Mississippi
Missouri
Montana
Nebraska
Nevada
New Hampshire
New Jersey
New Mexico
New York
North Carolina
North Dakota
Ohio
Oklahoma
Oregon
Pennsylvania
Rhode Island
South Carolina
South Dakota
Tennessee
Texas
Utah
Vermont
Virginia
Washington
West Virginia
Wisconsin
Wyoming
Rhode Island Data Privacy Law
  • Status: In effect

As of January 1, 2026, the Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA) is in force. The law establishes enforceable transparency requirements for organizations that sell the personal data of Rhode Island residents through websites or online services.

RIDTPPA focuses on clear disclosure of data sales practices. Covered organizations are required to publicly describe how personal data is sold and shared, with specific attention to third-party recipients.

Active Compliance Requirements

Organizations subject to RIDTPPA are required to:

  • Disclose whether personal data is sold
  • Identify the categories of personal data involved
  • List all third parties to whom personal data has been sold or may be sold
  • Maintain privacy notices that accurately reflect current data-sharing practices

Scope and Applicability

RIDTPPA applies to organizations that sell personal data through online services, including websites and internet service providers. The law applies based on activity, rather than company size, and focuses on transparency related to data sales involving Rhode Island residents.

Enforcement and Penalties

Enforcement is handled by the Rhode Island Attorney General. Violations are addressed under the state’s Unfair and Deceptive Acts and Practices (UDAP) statute, with:

  • Civil penalties of up to $10,000 per violation
  • Additional penalties of $500 per instance involving wrongful disclosure of personal data

Operational Impact

For privacy and compliance teams, RIDTPPA introduces a disclosure-driven compliance obligation. Ongoing alignment between data-sharing practices, third-party relationships, and published privacy notices is central to meeting the law’s requirements.

History of the RIDTPPA

On June 13, 2024, the Rhode Island legislature passed the Rhode Island Data Transparency and Privacy Protection Act (SB 2500 / HB 7787). The act, which now awaits Governor Daniel McKee’s consideration, is expected to go into effect on January 1, 2026. The Rhode Island privacy legislation aims to protect citizens’ personal information in an increasingly digital world. Let’s dive into the key aspects of this new legislation and what it means for residents and businesses alike.

Key Points of RIDTPPA

  1. Transparency Requirements: The law imposes transparency requirements specifically on websites and ISPs that sell personal data, without exemptions for small businesses.
  2. Privacy Notices: Controllers are required to identify all third parties to whom they have sold or may sell personal information in the future.
  3. Omissions: Unlike other state privacy laws, RIDTPPA lacks heightened protections for adolescents, general data minimization requirements, default consumer rights exercises through Universal Opt-Out Mechanisms, and a right to cure alleged violations.

Legislative Process

  • The Rhode Island legislative session will adjourn on June 30th.
  • The Senate companion bill, S2500, has passed the commerce committee and is scheduled for floor consideration.

Penalties

The act links violations to the state Unfair and Deceptive Acts and Practices (UDAP) statute, which provides for civil penalties of up to $10,000. Additionally, a $500 penalty is applied per wrongful disclosure of personal data.

Looking Ahead

If enacted, RIDTPPA will make Rhode Island one of the states with comprehensive privacy laws, adding to the growing number of states implementing data privacy protections.

Sign up for our Data Privacy Tracker with monthly updates on the latest news and developments

Partner Login

Try the Centraleyes
Risk & Compliance

Free for 30 Days

Skip to content