Rhode Island Data Transparency and Privacy Protection Act (RIDPA)
A practical compliance guide for website owners. Learn what Rhode Island's privacy law requires and how to implement it on your site.
Who Must Comply
Conducts business in Rhode Island or targets Rhode Island residents AND controls/processes personal data of 35K+ consumers (excl. payment transactions), OR controls/processes data of 10K+ consumers and derives 20%+ of gross revenue from selling personal data
What Your Website Must Do
| Requirement | Status |
|---|---|
| Cookie consent banner | Recommended |
| Do Not Sell link | Required |
| Do Not Share link | Required |
| Honor GPC browser signals | Recommended |
| Universal opt-out mechanism | Not required |
| Sensitive data opt-in consent | Required |
Required Links & Notices
The RIDPA requires the following links or notices to be visible on your website:
- 1Do Not Sell or Share My Personal Data
- 2Privacy Policy
Enforcement & Penalties
Key Things to Know
Rhode Island's privacy law takes effect January 1, 2026, and is among the more consumer-friendly laws. Like Maryland, it has no cure period, meaning the AG can pursue enforcement immediately.
Low thresholds: Rhode Island uses the lower 35K/10K+20% thresholds (similar to Delaware and New Hampshire), expanding coverage to more businesses.
Security requirements: Rhode Island uniquely requires businesses to implement and maintain "reasonable security practices and procedures" to protect personal data, adding a data security component to the privacy law.
How to Configure LegalBanner for RIDPA
- 1
Create your site
Sign up for free and add your website domain in the dashboard.
- 2
Set consent mode to "Opt-out"
In Settings, select the consent mode that matches Rhode Island's requirements.
- 3
Install the snippet
Add the one-line script tag to your website. The banner, opt-out links, and GPC support are automatic.
- 4
Generate your Privacy Policy
Use the built-in policy wizard to generate a RIDPA-compliant privacy policy.
Set up RIDPA compliance in 5 minutes
LegalBanner handles Rhode Island privacy requirements automatically — cookie banner, opt-out links, and GPC support included.
Frequently Asked Questions
When does the Rhode Island RIDPA take effect?
The RIDPA takes effect January 1, 2026. Businesses should begin preparing now.
Does Rhode Island have a cure period?
No. Rhode Island is one of only two states (along with Maryland) with no cure period. The AG can take immediate enforcement action for violations.
What are the thresholds for the Rhode Island law?
35,000+ consumers (excluding payment transactions) or 10,000+ consumers with 20%+ revenue from data sales — among the lowest thresholds nationally.
Does Rhode Island require data security measures?
Yes. Rhode Island uniquely requires businesses to implement and maintain reasonable security practices to protect personal data, in addition to standard privacy requirements.
What are the penalties for RIDPA violations?
Up to $10,000 per violation with no cure period. The AG can pursue immediate enforcement.