The "Rhode Island Data Transparency and Privacy Protection Act" is a proposed bill that seeks to establish a new chapter in Title 6 of the General Laws, focusing on the protection of personal data and privacy rights of Rhode Island citizens. The bill introduces definitions for terms such as "personally identifiable information," "operator," "process," and "de-identified data," which are essential for understanding the scope of the Act. It mandates that businesses, referred to as operators, disclose their practices regarding the collection and sharing of personal data, limit the collection of data to what is necessary, and obtain customer consent for processing data for purposes not initially disclosed. The bill also exempts certain entities from its provisions, including state bodies, nonprofit organizations, and financial institutions, and outlines specific information and data that are not covered by the chapter.

The bill further details the rights of customers to control their personal data, including the right to access, correct, delete, and obtain a portable copy of their data, as well as to opt out of data processing for targeted advertising or profiling. Operators are required to provide secure means for customers to exercise these rights and to respond to customer requests within a specified timeframe. The bill prohibits operators from processing sensitive data without consent and from discriminating against customers who exercise their rights. Controllers are tasked with providing privacy notices, conducting data protection assessments for high-risk processing activities, and ensuring that processors comply with data protection measures. The bill also includes provisions for the processing of personal data for public health purposes and internal use, while safeguarding the rights and freedoms of individuals. The Act is set to take effect on January 1, 2024.