WeVote

Bill

Bill

HB 380

AN ACT TO AMEND TITLE 6 OF THE DELAWARE CODE RELATING TO PERSONAL DATA PRIVACY.

153rd General Assembly (2025-2026) Introduced by Darius Brown and 26 co-sponsors

Delaware HB 380 would strengthen residents’ control over their personal data by expanding rights and imposing stricter obligations on entities handling Delaware residents’ informat

Passed By Senate. Votes: 15 YES 6 NO
0
WeVote Research Nonpartisan
Bill Summary · HB 380

Summary of HB 380 (Session 153) – Delaware

Overview

  • Bill: HB 380
  • Jurisdiction: Delaware
  • Title: An Act to Amend Title 6 of the Delaware Code Relating to Personal Data Privacy
  • Session: 153
  • Introduced / Committee: Introduced and assigned to the Technology & Telecommunications Committee in the House on 2026-04-16
  • Sponsors: A broad slate of 26+ co-sponsors, including Ed Osienski (lead), plus a wide group of representatives from both parties

Purpose and Intent

HB 380 aims to modify Delaware’s existing framework governing personal data privacy. While the exact text of amendments is not provided here, the bill’s title and placement in Title 6 (Delaware’s consumer protection and statutory code) indicate an intent to strengthen or update protections around the handling, processing, storage, and potential commercialization or disclosure of personal data by entities operating in Delaware.

Key Provisions (Illustrative – Based on typical personal data privacy updates)

  • Scope of Personal Data: Clarifies what constitutes “personal data” within Delaware’s laws (e.g., identifiers, sensitive data, biometric data, online identifiers, etc.).
  • Consumer Rights: Likely adds or reinforces rights for consumers, such as:
    • Access to personal data held by a business
    • Deletion of personal data (the right to be forgotten)
    • Correction of inaccurate data
    • Data portability or data transfer rights
    • Opt-out mechanisms for certain data processing activities (e.g., sale or targeted advertising)
  • Controller/Processor Responsibilities:
    • Obligations for entities that collect, process, or store personal data (e.g., data minimization, security measures, data breach notification)
    • Requirements for contractual controls with third parties (processors and service providers)
  • Security and Breach Notification: Standards for data security practices and timelines for notifying affected individuals and state authorities in the event of a breach.
  • Enforcement and Remedies: Potential penalties for non-compliance, enforcement mechanisms, and the role of state agencies in oversight.
  • Exemptions and Practicalities: Possible carve-outs for certain data types (e.g., de-identified data), businesses below a certain size, or government and law enforcement activities.

Note: The exact text would specify the precise rights granted, the conditions of compliance, and any thresholds or exemptions. The above reflects common elements in state-level personal data privacy updates and may not capture district-specific nuances without the bill's full language.

Who Would be Affected

  • Businesses and Organizations: Any entity operating in Delaware or handling Delaware residents’ personal data, including:
    • Data controllers (entities determining purposes of processing)
    • Data processors (service providers processing data on behalf of controllers)
  • Individuals (Residents of Delaware): Consumers would gain expanded rights over their personal data and enhanced protections.
  • State Agencies: Likely stock-taking and enforcement responsibilities for privacy compliance and breach investigations.

Procedural and Timeline Aspects

  • Introduction: 2026-04-16
  • Committee Assignment: Technology & Telecommunications Committee (House)
  • Next Steps: If advanced, the bill would typically move through committee hearings, potential amendments, and votes in the House, followed by consideration in the Senate. Implementation timelines (effective dates) would be specified in the bill (e.g., effective date upon enactment or after a set sunset/phase-in period).

Potential Impact and Considerations

  • Consumer Protections: Strengthens Delaware residents’ ability to control their personal information and obtain remedies for mishandling.
  • Business Compliance Burden: May require new privacy notices, consent mechanisms, data processing agreements, and security measures.
  • Economic Implications: Could influence how businesses approach data collection, targeting, and third-party data handling in Delaware.
  • Preemption and Coordination: If similar to other state privacy laws, considerations about consistency with federal law or other state statutes.

If you’d like, I can tailor this summary to include hypothetical or typical clause language (e.g., sample rights or compliance steps) or look up the actual bill text for more precise details on provisions, dates, and effective timelines.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.