Texas Data Privacy and Security Act
Data last verified: March 23, 2026
- Effective Date
- July 1, 2024
- Enforcement Date
- Not specified in statute
Summary
Texas Data Privacy and Security Act provides consumers the right to opt out of profiling for decisions with legal or similarly significant effects, requires data protection assessments, and mandates privacy notice disclosure. Uses SBA small business exemption (not a numeric consumer threshold). AG exclusive enforcement with 30-day cure period.
Who It Applies To
Not specified in statute
Penalties
- Penalty Range
- $0 – $7,500per violation
- Cure Period
- 30-day cure period
- Private Right of Action
- No private right of action
- Enforcement Body
- Texas Attorney General (exclusive)
Requirements (4)
- Opt-Out§ 541.051(b)(5)(C)
This law provides consumers the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects.
- Impact Assessment§ 541.105(a)
This law requires controllers to conduct data protection assessments for processing activities involving profiling, targeted advertising, sale of personal data, or sensitive data.
- Disclosure§ 541.102(a)
This law requires controllers to provide a clear and accessible privacy notice disclosing data processing practices.
- Consent§ 541.101(b)(4)
This law requires controllers to obtain consumer consent before processing sensitive data; COPPA-compliant consent for known children.
Claire tracks 31 state and local AI laws across 23 US states. No prescriptive federal AI compliance statutes have been enacted. EU AI Act and sector-specific regulations are not covered.
Check if this law applies to your business