The bill introduces the Rhode Island Data Transparency and Privacy Protection Act, which enhances privacy protections for individuals, particularly concerning online activities and data sharing. It establishes a fundamental right to privacy and requires transparency from businesses in handling personally identifiable information, with a focus on children's data. The bill mandates that businesses inform customers about potential data sales and provide opt-in or opt-out options. It proposes a new chapter in Title 6 of the General Laws, including definitions for terms such as "affiliate," "biometric data," "child," "consent," "controller," and "COPPA," among others. These definitions are essential for setting the framework of the act, clarifying the scope of protected data, and outlining the responsibilities of entities controlling or processing personal data.

The bill sets forth new requirements for commercial websites or internet service providers, including the designation of a controller responsible for personal data management. It introduces key definitions such as "Personal data," "Sensitive data," and "Targeted advertising," and mandates disclosure of data collection practices and third-party sales. Exemptions are outlined, and the bill does not apply to certain entities like nonprofits or those covered by federal regulations. It also introduces regulations for entities that control or process significant amounts of personal data, requiring them to establish reasonable data security practices, obtain consent for sensitive data processing, and provide mechanisms for customers to manage their data consent. Customers are granted rights to access, correct, delete, and port their data, and entities must respond to customer requests within specified timeframes. The bill also includes provisions for data protection assessments and handling of de-identified or pseudonymous data. Violations are considered deceptive trade practices, with fines for each violation, and the act is set to take effect on January 1, 2026.