The stringent law introduces several novel obligations and a unique approach to determining applicability that may broaden its reach.
On June 18, 2023, Texas enacted the Texas Data Privacy & Security Act (TDPSA), which will largely take effect in just over a year on July 1, 2024. The TDPSA follows in the footsteps of 10 other comprehensive US state privacy laws but sits decisively on the more stringent end of the spectrum.
While the TDPSA is generally modeled after the Virginia Consumer Data Protection Act (VCDPA), it adopts many of the more consumer-friendly components of more recently enacted laws. It also introduces several novel obligations and a unique approach to determining applicability that may broaden its reach.
In light of these factors and considering the size of the Texas economy and population, the TDPSA may prove to be the most impactful state privacy law since the California Consumer Privacy Act (CCPA), which was enacted in 2020.