Your Rights as a Rhode Island Resident

The Rhode Island Data Transparency and Privacy Protection Act provides several fundamental rights to consumers who are residents of Rhode Island acting in an individual or household context[11][13].

• Right to know what data is collected: You have the right to confirm whether a business is processing your personal data and to access that data, unless disclosure would reveal a trade secret[11][13]
• Right to delete personal information: You can request that businesses delete your personal data, taking into account the nature of the data and the purposes for which it is being processed[11][13]
• Right to opt out of data sales: You have the right to opt out of the sale of your personal data to third parties[11][13]
• Right to correct inaccurate data: You can request correction of inaccuracies in your personal information held by businesses[11][13]
• Right to data portability: When technically feasible, you can obtain a copy of your personal data in a readily usable format[11][13]
• Right to opt out of targeted advertising: You can opt out of having your personal data processed for targeted advertising purposes[11][13]
• Right to opt out of profiling: You can opt out of profiling conducted through automated means that produces legal or similarly significant effects[11][13]
• Right to non-discrimination: Businesses cannot discriminate against you for exercising any of these privacy rights[5][11]

Businesses must respond to your requests within 45 days, with a possible 45-day extension if reasonably necessary[13]. If a business denies your request, you have the right to appeal their decision, and they must provide a response to your appeal within 60 days[13].

Business Requirements

The Rhode Island privacy law establishes different levels of requirements depending on the size and type of business operation.

• Threshold for comprehensive coverage: The law applies to for-profit businesses that conduct business in Rhode Island or target products/services to Rhode Island residents and either control or process personal data of at least 35,000 Rhode Island residents, or control or process data of at least 10,000 Rhode Island residents while deriving more than 20% of gross revenue from data sales[5][3][4]
• Universal website disclosure requirements: All commercial websites and internet service providers conducting business in Rhode Island must provide privacy notices disclosing categories of personal data collected, third parties to whom data has been or may be sold, contact information, and whether they engage in targeted advertising[3][13]
• Consumer request procedures: Businesses must establish mechanisms for consumers to exercise their rights, respond to requests within specified timeframes, and provide appeal processes for denied requests[13]
• Data protection assessments: Companies must conduct assessments for high-risk processing activities including data sales, sensitive data processing, targeted advertising, and certain types of profiling[5][13]
• Security requirements: Businesses must establish and maintain reasonable administrative, technical, and physical data security practices to protect personal information[5][13]
• Sensitive data protections: Processing of sensitive data requires prior consumer consent, with special protections for data about minors under 13[13]
• Vendor contract requirements: Businesses must enter into binding contracts with third-party processors that include specific data processing provisions[5]

Practical Impact

• Enhanced transparency in daily digital interactions: The law requires websites and online services to clearly disclose their data practices, making it easier for residents to understand how their information is being used when they shop online, use social media, or access digital services[3][13]
• Limited enforcement options for violations: If your privacy rights are violated, you cannot file a private lawsuit against the business. Instead, you must file a complaint with the Rhode Island Attorney General’s Office, which has exclusive enforcement authority[5][11][14]
• No automatic privacy protections: Unlike some other state laws, Rhode Island’s law does not require businesses to recognize universal opt-out signals, meaning you must manually opt out of data sales and targeted advertising with each individual company[1][3]
• Protection gaps for routine data sharing: The law lacks strong data minimization requirements, meaning businesses can still collect extensive amounts of personal information as long as they provide opt-out mechanisms[1][10]
• Financial penalties for intentional violations: Businesses that intentionally disclose personal data in violation of the law face fines of $100 to $500 per disclosure[11][12]

Comparison Context

• Weaker than leading privacy states: Rhode Island’s law is considered more business-friendly than comprehensive laws in states like California, which includes stronger data minimization requirements and broader enforcement mechanisms[2][10]
• Missing modern privacy protections: Unlike newer state laws, Rhode Island’s legislation lacks recognition of universal opt-out mechanisms, enhanced children’s privacy protections beyond basic consent requirements, and a clear definition of “personally identifiable information”[1][3][15]
• No cure period for violations: Unlike many other state privacy laws, Rhode Island does not provide businesses with an opportunity to fix violations before facing enforcement action, making compliance more critical from the start[11][12]
• Broader website disclosure requirements: One area where Rhode Island goes further than some states is requiring all commercial websites to disclose third-party data sharing, regardless of their size, though the practical impact is unclear due to undefined terms[1][3]
• Limited rulemaking authority: Unlike California and Colorado, Rhode Island’s law does not provide for additional regulatory guidance, meaning businesses must work with the law as written[5]

Action Steps for Residents

• Prepare for January 2026 implementation: Begin familiarizing yourself with your upcoming rights under the law, as most protections won’t be enforceable until the law takes effect
• Review privacy policies of websites you use: Even before the law takes full effect, start paying attention to privacy notices on websites and online services you regularly use, particularly those based in or serving Rhode Island
• Document privacy concerns: Keep records of any data privacy issues you encounter with businesses, as these may become actionable complaints once the law is in effect
• Contact businesses directly first: Since the law provides no private right of action, your most effective approach for resolving privacy issues may be contacting companies directly about their data practices
• Stay informed about enforcement: Monitor the Rhode Island Attorney General’s Office for guidance on how they will enforce the new privacy law and what types of violations they prioritize
• Consider additional privacy tools: Given the law’s limitations, residents should consider using browser privacy settings, ad blockers, and other technical tools to enhance their privacy protection

Official Resources and Contact Information

Rhode Island General Assembly

For information about privacy legislation and to contact your representatives about privacy issues, you can access the Rhode Island General Assembly website. The legislature’s main contact information is available at 82 Smith Street, Providence, RI 02903, with a general phone number of (401) 222-3580[16]. You can find your specific legislators and their contact information through the General Assembly’s website directory.

Attorney General’s Office – Privacy Law Enforcement

The Rhode Island Attorney General’s Office has exclusive enforcement authority over the state’s privacy law. The main office is located at 150 South Main Street, Providence, RI 02903, and can be reached at (401) 274-4400[17]. The Attorney General’s Office handles consumer protection matters and will be responsible for investigating privacy law violations once the law takes effect in 2026.

Filing Consumer Complaints

Rhode Island residents can file consumer complaints related to privacy and data protection issues through the Attorney General’s Consumer Protection Unit. The unit is located at 4 Howard Avenue, Cranston, RI 02920, and can be contacted at (401) 274-4400[18][19]. The office typically handles more than 500 consumer complaints per month and provides assistance even when they cannot directly resolve an issue[19]. You can file complaints online through the Attorney General’s website or by submitting a written complaint form.

Legislative Contact for Privacy Issues

To contact your state representatives about privacy legislation, you can reach the Joint Committee on Legislative Services at (401) 222-6533[20]. For questions about specific privacy bills or to express your views on privacy legislation, you can contact the offices of the primary sponsors of the privacy law: Representative Evan P. Shanley and Senator Louis P. DiPalma through the General Assembly’s main number.

Public Records and Legislative Information

Information about the Rhode Island Data Transparency and Privacy Protection Act, including the full text of the legislation and legislative history, is available through the General Assembly’s bill tracking system. The law was enacted as both Senate Bill 2500 and House Bill 7787 during the 2024 session[6][7]. Citizens can access these documents and track future privacy-related legislation through the General Assembly’s website.

Sources and Citations

Last Updated August 2025. Written with contributions from both human authors and Perplexity AI. If you find incorrect or outdated information let us know at support@optery.com.