On Monday, March 13, 2023, The Texas House Business & Industry committee held a hearing for the main data privacy bill for this legislative session by Representative Capriglione of Southlake, TX, a Dallas suburb. The 34-page bill filed earlier this year aims to comprehensively address how companies and consumers interact with personal data. Similar to California, European, and a handful of other state data privacy laws enacted last year, the bill outlines five rights that consumers have to control their data including the right to know when personal data is being collected and the right to access their data. However, the bill is somewhat unique in that, whereas other applicability provisions filter out small businesses based on annual gross revenue or volume of data collected or processed, the Texas bill expressly exempts a “small business” as defined by the U.S. Small Business Administration (SBA). In addition, whereas several other bills address “personal data” versus “de-identified” data, the Texas bill uniquely distinguishes between “de-identified data” (which cannot be linked to an individual) and “pseudonymous data” (which cannot be linked to an individual without additional information) and includes requirements regarding the handling of both kinds of data to prevent re-identification. The bill goes into further detail regarding the business and consumer relationship.
The committee made changes to the original language of the bill, and it is likely the bill will see more modifications as it travels to the House floor on Tuesday, April 4th, and eventually to the Senate. We will continue to monitor and engage in the crafting of this legislation.
If you conduct business in Texas or are not sure how this law will affect your data collection practices and consumer interactions, feel free to reach out to Balch’s Data Privacy and Security team.
To view information about the bill, click here
To view the committee hearing, click here (Beginning at 1:11:05)