What is the Kentucky Consumer Data Protection Act (“KCDPA”)?
The Kentucky Consumer Data Protection Act (“KCDPA”) was passed by the Kentucky legislature on March 27, 2024, becoming the fifteenth state to enact consumer data privacy legislation. The law does not require additional compliance burdens for entities already complying with other non-California privacy laws. It limits the definition of "sale of personal data" to include only exchanges of personal data for monetary consideration, does not require that controllers recognize opt-out requests submitted via opt-out preference signals or global privacy controls, does not establish a private right of action or privacy-focused regulator, does not grant the Attorney General any rulemaking authority, and it does include a permanent 30-day cure period provision. The KCDPA is slated to take effect January 1, 2026.
Stay Ahead of the Curve! Explore our comprehensive CLIClaw Kentucky Privacy Compliance Library for in-depth resources and insights.
These materials were obtained directly from the State Government public websites and are posted here for your review and reference only. No Claim to Original State Government Works. This may not be the most recent version. The State may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.