Senate Bill 15

Last Action 01/05/23: to Economic Development, Tourism, & Labor (S)
Title AN ACT relating to consumer data privacy.
Bill Documents Introduced
Bill Request Number 2
Sponsors W. Westerfield, J. Schickel
Summary of Original Version Create new sections of KRS Chapter 367 to define terms; set the parameters for applicability of this Act; define various consumer rights related to data collection; require a data controller to comply with a consumer request to exercise those rights, including confirming whether or not a controller is processing the consumer's data and providing the consumer access to his or her data, deleting his or her personal data, providing a copy of the consumer's data that he or she previously provided in a portable and usable format, opting out of targeted advertising, opting out of tracking, and opting out of the sale or sharing of his or her personal data; require controllers to establish a process for consumers to appeal a controller's refusal to act on a consumer's request to exercise a right; set forth requirements for persons or entities that control or process personal data; require persons who control data to conduct data protection impact assessments; establish that the Attorney General has exclusive authority to enforce, with the exception of a private right of action by which consumers can seek injunctive relief for specific violations if the data controller or processor received an written notice of violation from the Attorney General and failed to cure the violation within 30 days; create a consumer privacy fund in the State Treasury to be administered by the Office of the Attorney General and direct that all civil penalties collected with regard to enforcement actions be deposited in the fund; set forth that this Act supersedes and preempts all rules, regulations, codes, ordinances, and other laws adopted by a city, county, charter county, urban-county government, consolidated local government, unified local government, or local agency regarding the processing of personal data; amend KRS 367.240 to conform; allow the Act to be cited as the Kentucky Consumer Protection Data Act; EFFECTIVE January 1, 2025.
Index Headings of Original Version Data Processing - Personal data protection, consumer data privacy rights
Effective Dates, Delayed - Kentucky Consumer Data Protection Act, effective January 1, 2025
Short Titles and Popular Names - Kentucky Consumer Data Protection Act
Trade Practices and Retailing - Personal data protection, consumer data privacy rights
Consumer Affairs - Personal data protection, consumer data privacy rights


  • introduced in Senate
  • to Committee on Committees (S)
  • to Economic Development, Tourism, & Labor (S)

Last updated: 1/6/2023 5:32 PM (EST)
To receive notice when the record is updated follow @LRCTweetBot.