Alaska committee hears testimony on Consumer Data Privacy Act; business thresholds, minors and registry draw scrutiny
March 20, 2026 | 2026 Legislature Alaska, Alaska
This article was created by AI summarizing key points discussed. AI makes mistakes, so for full details and context, please refer to the video of the full meeting. Please report any errors so we can fix them. Report an error »
The Alaska House Judiciary Committee on March 20 heard opening testimony and public comment on House Bill 367, the Consumer Data Privacy Act, in a first hearing that drew expert testimony, civil-rights recommendations and industry opposition.
Sponsor Representative Andy Story said the bill would give Alaskans "meaningful control over their personal data," set standards for collection and sharing, and create accountability for violations. He cited risks to children, elders and survivors of abuse from unregulated data-broker markets and turned the committee to an invited expert from Consumer Reports.
"Many companies collect children's data not just for tracking clicks. They are shaping attention and treating a child not as someone to be nurtured, but as a data point to be measured, predicted, and manipulated," said Matt Schwartz, senior policy analyst at Consumer Reports, who outlined common elements of state privacy laws (opt-out rights, access, correction, deletion, portability), warned that enforcement has been uneven, and recommended strong protections for sensitive data and meaningful enforcement.
Kaylee Holm, staff to Representative Story, gave a sectional overview of the bill's key components: consumer rights (notice, access, deletion, opt out), business obligations (clear, conspicuous privacy policies and recordkeeping for deletion), a data-broker registry with an annual registration fee, a business-size threshold to exempt smaller firms (over 100,000 customers or when more than 50% of revenue derives from selling/sharing data), and special protections for minors (the current draft bars sale and profiling for individuals 16 and under). Holm said enforcement would be carried out by the Department of Law/Attorney General and that the current draft does not include a private right of action.
Several members pressed the sponsors and witnesses on key design choices. Representative Vance asked whether state laws have successfully prevented the sale of sensitive data and whether private rights of action are common; Schwartz said only California currently has a limited private right tied to financial harm from breaches and that enforcement in most states is AG-led and mixed in efficacy. Representative Costello asked whether current protections for Social Security numbers would be changed; Legislative Legal (Ian Walsh) said the bill exempts HIPAA-covered entities and patient information in the draft and noted federal laws overlay Social Security number rules, offering to provide a detailed memo.
Committee members also questioned the 100,000-customer threshold for applicability (Holm said it tracks a common industry/state standard but acknowledged some states have lower thresholds), and why the minors cutoff is 16 rather than 18 (Holm said 16 was selected for consistency with other measures but is open to conversation). On geolocation and consent, staff and witnesses said in-app consent mechanisms would likely meet the bill's written-consent requirement but recommended clarifying the statutory language.
Public comment included in-person testimony from Juneau resident Jane Smith, who described personal harms from data-broker listings, outdated or incorrect information and difficulty correcting third-party records, and urged passage of strong protections. Becca Stern of the ACLU of Alaska recommended closing data-minimization loopholes, banning the sale of sensitive data (precise geolocation, health data, minors), and adding a private right of action to strengthen enforceability. Chris Quigley of the Consumer Data Industry Association testified in opposition, warning of unclear alignment with federal frameworks such as the Fair Credit Reporting Act, potential conflicts between deletion/opt-out requirements and legal obligations (identity verification, fraud prevention), and burdens from a public registry.
Representative Mina asked about biometric data; Holm said definitions for biometric and sensitive data exist in the draft and could be expanded or moved into a distinct sensitive-data section during amendment discussions. The committee set HB 367 aside for further work and announced it will return to the bill at a later date.
Next steps: the committee will schedule a sectional analysis and follow-up, and staff offered to provide additional legal memos on federal conflicts, HIPAA exemptions and specific drafting questions raised during the hearing.
Sponsor Representative Andy Story said the bill would give Alaskans "meaningful control over their personal data," set standards for collection and sharing, and create accountability for violations. He cited risks to children, elders and survivors of abuse from unregulated data-broker markets and turned the committee to an invited expert from Consumer Reports.
"Many companies collect children's data not just for tracking clicks. They are shaping attention and treating a child not as someone to be nurtured, but as a data point to be measured, predicted, and manipulated," said Matt Schwartz, senior policy analyst at Consumer Reports, who outlined common elements of state privacy laws (opt-out rights, access, correction, deletion, portability), warned that enforcement has been uneven, and recommended strong protections for sensitive data and meaningful enforcement.
Kaylee Holm, staff to Representative Story, gave a sectional overview of the bill's key components: consumer rights (notice, access, deletion, opt out), business obligations (clear, conspicuous privacy policies and recordkeeping for deletion), a data-broker registry with an annual registration fee, a business-size threshold to exempt smaller firms (over 100,000 customers or when more than 50% of revenue derives from selling/sharing data), and special protections for minors (the current draft bars sale and profiling for individuals 16 and under). Holm said enforcement would be carried out by the Department of Law/Attorney General and that the current draft does not include a private right of action.
Several members pressed the sponsors and witnesses on key design choices. Representative Vance asked whether state laws have successfully prevented the sale of sensitive data and whether private rights of action are common; Schwartz said only California currently has a limited private right tied to financial harm from breaches and that enforcement in most states is AG-led and mixed in efficacy. Representative Costello asked whether current protections for Social Security numbers would be changed; Legislative Legal (Ian Walsh) said the bill exempts HIPAA-covered entities and patient information in the draft and noted federal laws overlay Social Security number rules, offering to provide a detailed memo.
Committee members also questioned the 100,000-customer threshold for applicability (Holm said it tracks a common industry/state standard but acknowledged some states have lower thresholds), and why the minors cutoff is 16 rather than 18 (Holm said 16 was selected for consistency with other measures but is open to conversation). On geolocation and consent, staff and witnesses said in-app consent mechanisms would likely meet the bill's written-consent requirement but recommended clarifying the statutory language.
Public comment included in-person testimony from Juneau resident Jane Smith, who described personal harms from data-broker listings, outdated or incorrect information and difficulty correcting third-party records, and urged passage of strong protections. Becca Stern of the ACLU of Alaska recommended closing data-minimization loopholes, banning the sale of sensitive data (precise geolocation, health data, minors), and adding a private right of action to strengthen enforceability. Chris Quigley of the Consumer Data Industry Association testified in opposition, warning of unclear alignment with federal frameworks such as the Fair Credit Reporting Act, potential conflicts between deletion/opt-out requirements and legal obligations (identity verification, fraud prevention), and burdens from a public registry.
Representative Mina asked about biometric data; Holm said definitions for biometric and sensitive data exist in the draft and could be expanded or moved into a distinct sensitive-data section during amendment discussions. The committee set HB 367 aside for further work and announced it will return to the bill at a later date.
Next steps: the committee will schedule a sectional analysis and follow-up, and staff offered to provide additional legal memos on federal conflicts, HIPAA exemptions and specific drafting questions raised during the hearing.
Don't Miss a Word: See the Full Meeting!
Go beyond summaries. Unlock every video, transcript, and key insight with a Founder Membership.
✓
Get instant access to full meeting videos
✓
Search and clip any phrase from complete transcripts
✓
Receive AI-powered summaries & custom alerts
✓
Enjoy lifetime, unrestricted access to government data
30-day money-back guarantee
