Arkansas – social media companies must use a third-party vendor to perform reasonable age verification before allowing access to their platforms. This verification could include requiring a digital copy of a driver’s license, government ID or other “commercially reasonable” method.
California – Has annual gross revenues in excess of twenty-five million dollars ($25,000,000) OR annually buys, receives, sells or shares personal information of 50,000 or mor consumers anywhere.
Colorado – Conducting business in Colorado targeting 100,000 residents OR derives revenue from the sale of personal data of 25,000 or more consumers (anywhere)
Connecticut – Conducting business in Connecticut targeting100,000 residents OR derives revenue from the sale of personal data of 25,000 or more consumers (anywhere)
Illinois – Any collection of Biometric Identifiers
Indiana – Conducting business in Indiana targeting100,000 residents OR derives revenue from the sale of personal data of 25,000 or more consumers (anywhere)
Iowa – Conducting business in Iowa targeting100,000 residents OR derives revenue from the sale of personal data of 25,000 or more consumers (anywhere)
Nevada – Conducts business in Nevada
Ohio – 200 or more sales or transactions or gross sales of $5,000.00 or more
Montana – Conducting business in Montana targeting 50,000 residents OR derives revenue from the sale of personal data of 25,000 or more consumers (anywhere)
Tennessee – Conducting business in Tennessee and has annual gross revenues in excess of twenty-fie million dollars ($25,00,0000.00) AND processes the personal information of 25000 consumers and derives more than 50% of gross revenue for the sale of personal information or process personal information of at least 175000 consumers per year.