New U.S. State Data Privacy Laws in 2025

The momentum of U.S. states implementing new data privacy legislation shows no signs of slowing down, with 2025 seeing new comprehensive data privacy laws going into effect in an additional eight states: Delaware (effective January 1, 2025), Iowa (effective January 1, 2025), Maryland (effective October 1, 2025), Minnesota (effective July 31, 2025), Nebraska (effective January 1, 2025), New Hampshire (effective January 1, 2025), New Jersey (effective January 15, 2025), and Tennessee (effective July 1, 2025). Like the succession of U.S. states that implemented data privacy laws modeled on the California Consumer Privacy Act of 2018 (“CCPA”) and its 2020 amendment the California Privacy Rights Act (“CPRA”), these eight new state laws provide state residents with several rights regarding their personal data held by businesses. These laws include the right to access their personal data held by the business, the right to correct or delete their personal data held by the business, and the right to opt-out of sales and other certain types of processing of their personal data. The applicability thresholds for each of these eight new state data privacy laws vary from state to state. Businesses that have nationwide consumer-facing operations or that have a presence in any of the above eight states should determine whether these new state data privacy laws are applicable to them and then review their current data privacy policies to determine if further updates are needed for compliance. If you have any questions about how these new state data privacy laws may apply to your business, please contact your Masuda Funai relationship attorney for a consultation.  

Masuda Funai is a full-service law firm with offices in Chicago, Detroit, Los Angeles, and Schaumburg^.