The "Rhode Island Data Transparency and Privacy Protection Act" is a proposed bill that seeks to establish a new chapter in Title 6 of the General Laws, focusing on the privacy rights and transparency for Rhode Island citizens regarding the collection, sharing, and sale of their personally identifiable information by businesses. The bill introduces definitions for terms such as "affiliate," "biometric data," "child," "consent," "controller," and "personal information," among others, to create a clear legal framework. It emphasizes informed consent, particularly for children's data, and outlines customer rights to control their personal data, while setting requirements for businesses to protect the privacy and security of this information. The bill also clarifies what constitutes "disclose" and specifies exceptions to this definition, such as disclosures to affiliates or for legal compliance.

The bill mandates operators to disclose the categories of personal data collected and the third parties with whom it may be shared, and to limit data collection to what is necessary for disclosed purposes. It prohibits the processing of sensitive data without consent and requires operators to establish data security practices. Customers are granted rights to access, correct, delete, and obtain a portable copy of their data, and to opt out of data processing for targeted advertising or profiling. Controllers must respond to customer requests within specified timeframes and establish an appeal process for denied requests. The bill also outlines responsibilities for controllers and processors, including providing privacy notices, following data processing procedures, and conducting data protection assessments for high-risk activities. New legal language is inserted to allow for the processing of personal data for public health purposes and internal use, while clarifying exemptions and ensuring the protection of rights and freedoms. The act is set to take effect on January 1, 2024.