The proposed bill introduces the "Reproductive Freedom and Gender-Affirming Care Health Data Privacy Act" into Title 23 of the General Laws, focusing on the privacy of consumer health data related to reproductive and gender-affirming care. It establishes clear definitions and regulations regarding consumer health data, emphasizing the need for explicit consent before data collection and processing.

The bill outlines the rights of consumers, including the right to confirm whether a regulated entity or small business is collecting, sharing, or selling their health data, the right to access such data, the right to withdraw consent, and the right to have their health data deleted. Regulated entities and small businesses are required to maintain a consumer health data privacy policy that clearly discloses the categories of data collected, the purpose of collection, the sources of data, and the categories of third parties with whom the data is shared.

Additionally, the legislation prohibits deceptive design practices that could mislead consumers and restricts the sale of health data without valid consumer authorization. Such authorizations must be written in plain language and include specific details about the data being sold, the parties involved, and the consumer's rights. Certain types of information, such as protected health information under federal law, are exempt from these regulations.

The bill also establishes penalties for violations, allowing individuals to bring civil actions for injunctive relief and damages, and designates violations as deceptive trade practices enforceable by the attorney general. Overall, the act aims to enhance privacy protections for individuals seeking reproductive and gender-affirming care in Rhode Island.