Rhode Island Data Transparency and Privacy Protection Act
Data last verified: March 23, 2026
- Effective Date
- January 1, 2026
- Enforcement Date
- Not specified in statute
Summary
Rhode Island Data Transparency and Privacy Protection Act provides consumers the right to opt out of profiling for decisions with legal or similarly significant effects, requires data protection assessments, and mandates privacy notice disclosure. No cure period — AG may enforce immediately.
Who It Applies To
35K consumers OR 10K consumers + 20% revenue from data sales
- Min Consumers:
- 35,000
Any threshold triggers applicability
Penalties
- Penalty Range
- $100 – $10,000per violation
- Cure Period
- Not specified in statute
- Private Right of Action
- No private right of action
- Enforcement Body
- Rhode Island Attorney General
Requirements (4)
- Opt-Out§ 6-48.1-5(e)(4)
This law provides consumers the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.
- Impact Assessment§ 6-48.1-7(e)
This law requires controllers to conduct data protection assessments for processing activities involving profiling, targeted advertising, sale of personal data, or sensitive data.
- Disclosure§ 6-48.1-3(a)-(b)
This law requires controllers to provide a clear and accessible privacy notice disclosing data processing practices.
- Consent§ 6-48.1-4(c)
This law requires controllers to obtain customer consent before processing sensitive data, and COPPA-compliant consent for known children's data.
Claire tracks 31 state and local AI laws across 23 US states. No prescriptive federal AI compliance statutes have been enacted. EU AI Act and sector-specific regulations are not covered.
Check if this law applies to your business