Tech
Scope of US state-level privacy laws expands rapidly in 2025 | Computer Weekly
The number of individual US states with local data privacy legislation on their statute books has expanded rapidly in 2025, with nine more state laws coming into effect this year and three more states – Indiana, Kentucky and Rhode Island – slated to start enforcing their own rules on 1 January 2026, according to a report compiled by the International Association of Privacy Professionals (IAPP).
Since the introduction of the landmark California Consumer Privacy Act in 2020, politicians in state capitals across the US have eagerly taken up the data protection baton, with Colorado, Connecticut, Utah and Virginia all introducing comprehensive privacy laws in 2023; Montana, Oregon and Texas in 2024; and Delaware, Iowa, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey and Tennessee this year.
A further 16 states are currently deliberating comprehensive privacy bills, including economic powerhouse states such as Massachusetts and New York.
The resulting report captures an in-depth picture of each of the separate state privacy laws, with the overall goal being to outline the contours of each state to offer more meaningful guidance to organisations. The IAPP has been actively tracking amendments to state privacy laws – Connecticut, Montana and Oregon all made changes his year to expand the scope of applicability, enhance consumer rights and put in place more business obligations around control and processing of personal data, for example.
Where to start?
Müge Fazlioglu, IAPP principal researcher, privacy law and policy, has been tracking these developments. She described an increasingly complex patchwork of compliance for organisations working in the US.
“The applicability of each US state privacy law can be assessed through a multistep process as each state law has a unique scope based on variety of thresholds,” she told Computer Weekly. “These thresholds are related to entity’s jurisdiction, revenue, volume of personal data processing and revenue derived from the sale of personal data.”
To dig deeper into the extent to which the laws differ, five different thresholds in the US now exist for processing resident’s personal data. These include no threshold in Nebraska and Texas; 25,000 or more unique consumers in Montana; 35,000 in Connecticut, Delaware, Maryland, New Hampshire and Rhode Island; 100,000 in California, Colorado, Indiana, Iowa, Kentucky, Minnesota, New Jersey, Oregan, Utah and Virginia; and 175,000 in Tennessee. So, any organisation holding data on any Texas residents becomes subject to applicability, but they must hold data on 0.6% of the population of Maryland, or 3.3% of the population of tiny Delaware.
Then there are thresholds for the sale of personal data. Here, again, Nebraska and Texas are strictest, ruling that the control, processing or sale of any personal data is subject to state privacy laws, albeit with exemptions for small businesses. Meanwhile in California, organisations fall in scope if they control or process any personal data and derive 50% or more of their revenues from the sale of data. Colorado and New Jersey both include population thresholds again – 25,000 unique consumers or more, and in-scope organisations derive any revenue or discount on the price of any goods or services from the sale of personal data.
When it comes to exemptions, each of the 19 state laws excludes various entities and types of data held by them – most commonly, government agencies, non-profits and higher education institutions; and organisations already subject to national, sectoral legislation, such as the Health Insurance Portability and Accountability Act (HIPAA).
Differences again abound. For example, the laws of Colorado, Delaware, Minnesota, Montana, New Jersey and Oregon do not exempt non-profits. California and Maryland do exempt non-profits but do not exempt higher education institutions, and so on. Nuances exist even here – Delaware, for example, exempts only some non-profits and its laws don’t apply to those than handle data held by non-profits working with victims of child abuse, domestic violence, human trafficking or sexual assault. Neighbouring Maryland exempts those that process or share personal data to assist first responders in emergency situations, or law enforcement investigating fraud or insurance-related crime.
When it comes to business obligations under state privacy laws, all states require regulated entities to provide consumers with privacy practice disclosure notices – California asks for this at the point of collection, and all bar Rhode Island and Utah impose minimisation and purpose limitations on the collection or processing of data. This typically restricts the collection, use, retention and sharing of consumer data to what is adequate, relevant and reasonably necessary. Most states – bar Iowa and Utah – require data protection impact assessments (DPIAs), but in Delaware, Indiana and Virginia, DPIAs are specifically required for targeted advertising, the sale of personal data or individual profiling.
Naturally, all states require consent for processing of sensitive data, but again they define varying categories of data as sensitive. Most state laws cover a standard dataset that will be familiar to most, classing children’s data, data on ethnic background, religion, and sexual orientation as sensitive. However, some states go further, with Maryland and Oregon also recognising information on national origin as sensitive, while five states – Connecticut, Delaware, Maryland, New Jersey and Oregon – include data that might reveal an individual’s status as non-binary or transgender.
Maryland, meanwhile, has the only state level law that does not classify mental or physical health data as sensitive, whereas California ploughs a unique furrow and classes philosophical beliefs as a protected category, protecting existentialists, logical positivists, nihilists and stoics alike.
Finally, turning to consumer rights to access, correct and delete data held on them, things are a little simpler but there are still differences to account for. In all states consumers can access, correct and delete data – bar Iowa, where they cannot correct it; and Indiana, where they can correct it only if they have provided it in the first place.
Similarities to GDPR
Organisations operating out of the UK or European Union (EU), may be tempted to look to the practices and principles already established under the General Data Protection Regulation (GDPR) as a helpful guide to the growing labyrinth of rules, clauses and exceptions in the US.
However, Fazlioglu said that while the requirements of the various US regimes relating to consumer rights, data minimisation, purpose limitation of data collection and processing, and so on, might feel familiar to organisations that are already GDPR compliant at first glance, data privacy professionals should be wary of inferring too much from this, and it would be a grave error to rely too heavily on them.
“As we know in the world of privacy and digital governance, compliance work requires continuously mapping the current landscape, monitoring the changes, and making necessary updates and adjustments,” she said. “When it comes to the overlap of GDPR and the US state privacy laws, there’s a lot to identify, assess, translate and consider. There’s no simple checklist or formula to confirm alignment … Organisations need to examine the extent of each state privacy law and evaluate whether their existing practices are sufficient.”
Fazlioglu said that understanding the scope and specificity of each law, including the categories of sensitive data or how various terms such as “sale” are defined, is critical.
She said that while this may feel complex and daunting, the interaction between the various laws and domains and the GDPR may ultimately benefit consumers. “It encourages deeper attention to the crossroads of consumer protection and emerging technologies,” she said.
Federal laws a subject of debate
In parallel to the enacting of state-level legislation in the US, calls continue for Washington DC to introduce a federal privacy law. While British and European observers not steeped in US political tradition may naturally feel inclined to prefer a national data protection standard, this is not such a simple ask for the US federal system.
“It is preferable for some and not preferable for others,” said Fazlioglu. “For example, during discussions around the American Privacy Rights Act of 2024 and the American Data Privacy and Protection Act of 2023, we observed different reactions from various groups – some supported these bills to simplify the landscape, while others emphasised the risk of weakening the protections currently offered by state legislatures.”
The IAPP tracks developments in this regard, examining contentious issues such as bipartisanship, private right of action and preemption. Fazlioglu said it was difficult to predict whether or not a federal law could advance through US Congress, but by analysing prior attempts, it is possible to see that laws which include private right of action and preemption clauses can influence a bill’s ability to attract both Democrat and Republican support.
Fazlioglu added: “The question is not only whether federal privacy legislation is preferable, but also whether such a law should function as a ceiling or a floor. Proponents of preemption argue that a federal law should serve as a ceiling – setting a uniform standard that overrides state laws. In contrast, supporters of preserving state privacy laws believe a federal law should act as a floor – a minimum standard that states can build upon.”
This is why, Fazlioglu said, it’s important to consider both state and federal privacy law developments in order to see the full picture. “I believe the state-federal dynamics influence each other. So, while it’s uncertain whether we’ll see a federal privacy law enacted, I expect continued discussions at both the intra-state level and between state and federal frameworks. Together, these conversations will continue to shape the US approach to privacy law and policy in the coming years,” she said.
A research team from the Ningbo Institute of Materials Technology and Engineering (NIMTE) of the Chinese Academy of Sciences (CAS), has developed a new integrated poly(oxime-urethane) (PUDF) coating tailored for full-ocean-depth use. The material delivers antifouling and anticorrosion performance for marine engineering applications. The study was recently published in ACS Nano.
The deep sea has emerged as a frontier for marine exploration, but as marine engineering operations expand to full-ocean depths, equipment faces challenges: intense hydrostatic pressure, high salinity, and microbial communities that trigger simultaneous fouling and corrosion—threats that undermine long-term durability.
Conventional multilayer protective systems, however, are vulnerable to interfacial delamination and functional degradation, making them ill-suited for such harsh conditions. This gap has made the development of a single coating that combines synergistic antifouling and anticorrosion protection a critical, long-standing challenge.
To address this, the researchers employed precise molecular design and nanoscale interfacial engineering to create an integrated antifouling and anticorrosion coating based on PUDF. The novel material integrates antibacterial molecules (DFFD) with graphene oxide (GO-COOH) nanosheets, forming a dual-protection system.
The coating exerts its intrinsic antibacterial and antifouling effects by disrupting bacterial purine metabolism and suppressing nucleotide biosynthesis, while the graphene oxide layer provides a physical barrier, blocking corrosive ions and metabolites. This design provides both antifouling and anticorrosion capabilities, even in extreme deep-sea environments.
Experimental results validated the coating’s full-ocean-depth efficacy: Over two months, it prevented the attachment of macrofoulers in the East China Sea (at a depth of 2 meters) and microbial communities in the Philippine Sea (at 7,730 meters). Additionally, the coating withstood prolonged immersion in a simulated environment with high pressure (15 MPa), high salinity, and high bacterial concentration, demonstrating strong anticorrosion performance.
This study provides insights into designing synergistic protection mechanisms for high-performance coatings in extreme environments.
More information:
Peng Zhang et al, Full-Ocean-Depth-Oriented Poly(oxime-urethane) Coating: Construction and Protective Mechanism for Integrated Antifouling and Anticorrosion, ACS Nano (2025). DOI: 10.1021/acsnano.5c09595
Citation:
Deep-sea coating offers antifouling and anticorrosion protection in extreme environments (2025, October 29)
retrieved 29 October 2025
from https://techxplore.com/news/2025-10-deep-sea-coating-antifouling-anticorrosion.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.
TfL, to its credit, has made many efforts over the years to try to deal with the problem of hot tunnels, including attaching cooling panels to tunnel walls. The panels, which circulate water to remove heat from the air, were deployed in a trial in 2022, though they are not currently in use. Paul argues that such a system could be prohibitively expensive.
Hassan Hemida at the University of Birmingham says Paul’s water-cooling technology is a “good idea,” though it remains to be seen how much heat it could really remove from a real-life, busy Tube station full of people.
Certain railways simply push the boundaries of our ability to cool things down, says Hemida. He gives the example of super-high-speed trains traveling at, say, 400 kilometers per hour. They force air out of their way at high velocities, meaning the air pressure surrounding heating, ventilation, and air-conditioning (HVAC) equipment on the roofs of those trains can drop significantly. “Then, you cannot suck air into the HVAC system,” he says. Ultimately, that could cause the air-conditioning unit to fail. “I have been contacted by colleagues from China, and they want to find a solution for this problem,” Hemida adds.
More and more train operators are adopting air-conditioning systems as standard, though. London’s still relatively new Elizabeth Line features air-conditioning, for example. And a spokesman for Škoda Transportation, which recently rolled out air-conditioned metro trains in the capital of Bulgaria, says: “Generally, every vehicle we produce now is equipped with AC.” Sharon Hedges, senior engagement manager at Transport Focus, an industry watchdog, adds: “As people think about procuring new rolling stock, these are the kind of things that need to be uppermost in minds now.”
Heat waves are one thing in Britain. What about the Egyptian desert? German tech company Siemens is supplying Egypt with a new set of high-speed trains that can travel at speeds of up to 230 kilometers per hour. The firm’s Velaro trains are used in many places around Europe, but for Egypt, Siemens has really put them through their paces. Last summer, the company took one of the trains to a test facility in Austria and exposed it to unpleasant conditions, including temperatures as high as 60 degrees Celsius and high winds. “We are achieving 26 degree inside temperature at the hottest outside conditions,” says Björn Buchholz, head of HVAC and door systems.
REI’s Base Camp tent is the best-designed, best-built six-person tent I’ve ever used. It also proved itself one of the most waterproof large tents in our testing. It’s a traditional dome tent design, with two crossed poles and two side poles. The tent floor is high-quality 150-denier (150D) polyester, while the sides are a combination of mesh and 40D nylon. There’s loads of storage pockets, double doors, great vents, and huge windows, making it comfortable even in summer heat. It’s also one of the few family-size, three-season tents on the market with a nearly full-length rain fly (made of 75-denier polyester), which makes it suitable for those more weather-prone fall and spring trips (the fly sits about 3 inches off the ground, so not four-season level like the Marmot below, but close). It’s also surprisingly stable in the wind considering how tall it is (74 inches for the six-person model).
The inside is roomy. My family of five (two adults, two teenagers, one 10-year-old) had no trouble fitting inside. There’s plenty of room for five smaller sleeping pads, or you could double up on Exped’s Megamat Duo ($349) for an extra cushy car camping setup. The vestibules are nice and roomy too, offering storage for the rest of your camping gear. If you really want some extra, covered, outdoor space, you can grab the Base Camp Vehicle Connector for $170 (untested, but it’s on my list).
With two huge doors that have big, no-snag zippers, it’s easy to get in and out of the Base Camp without stepping on anyone. There’s also a wide variety of storage options, including six pockets (one for each person), and lots of hang loops stitched into the ceiling allowing you to hang lights or string a clothesline. There are also plenty of mesh vents, which make it possible to get a nice cross breeze through the tent on warm nights.
| Specs | |
|---|---|
| Dimensions | 100 x 86 in. (4-person) / 110 x 110 in. (6-person) |
| Interior living space | 56 sq. feet (4-person) / 84 sq. feet (6-person) |
| Vestibule space | 27 + 17 sq. feet (6-person) |
| Height | 63 in (4-person) / 74 in (6-person) |
| Weight | 17 lbs., 5.6 oz. (4-person) / 20 lbs., 11.5 oz. (6-person) |
| Capacity | 4- or 6-person |
| Doors | 2 |
Deep-sea coating offers antifouling and anticorrosion protection in extreme environments
Top ’27 recruit Dooney Johnson commits to Zags
US Fed Rate Cut: Jerome Powell Reduces Interest Rates By Another 25 Bps
-
Fashion1 week agoChinese woman charged over gold theft at Paris Natural History Museum
-
Entertainment1 week agoJohn Grisham unveils his first-ever mystery, “The Widow”
-
Tech1 week agoThis Smart Warming Mug Is Marked Down by $60
-
Tech1 week agoEaster Island’s Moai Statues May Have Walked to Where They Now Stand
-
Fashion1 week agoThe North Face and Cecilie Bahnsen launch second collaboration
-
Politics4 days agoTrump slams ‘dirty’ Canada despite withdrawal of Reagan ad
-
Fashion1 week agoNew EU strategy proposed to shape global clean, resilient transition
-
Sports1 week agoMaccabi Tel Aviv to decline tickets for European tie at Aston Villa | The Express Tribune