New State Laws on Privacy, AI, and Data Centers: What You Need to Know
Intro
If you’ve noticed more pop-ups asking about cookie preferences, or seen a news story about a new data center being built nearby, there’s a reason. Over the past year, state legislatures have been busy passing laws that directly affect how companies handle your personal information, how artificial intelligence can be used, and how data centers operate. Because federal action has been slow and fragmented, states are creating their own rules — and they often differ from one state to another.
For consumers, that patchwork can be confusing. But it also gives you new rights. Here’s what’s been happening, why it matters, and what you can do about it.
What Happened
According to a Bloomberg Government analysis published in July 2026 (BGOV OnPoint: Data Center, Privacy, AI Rules Lead New State Laws), states have passed a record number of bills in three related areas:
Data center regulation – Several states now require data centers to meet energy efficiency standards, report water usage, and comply with specific security requirements. Some laws also restrict where data centers can be built (for example, near residential areas or sensitive natural resources).
Privacy protections – Building on earlier laws like California’s CCPA and Virginia’s CDPA, more states have passed comprehensive privacy laws. Common provisions include the right to access, delete, or correct your personal data, as well as limits on how companies can collect and sell that data. Some states now require opt-in consent for certain types of processing, such as using data to train AI models.
AI transparency rules – A growing number of states mandate that companies disclose when an AI system is making decisions about you (e.g., loan approvals, hiring, or medical triage). These laws often require that consumers can request an explanation of how the AI reached a conclusion. Some also require bias audits for high-risk systems.
The Bloomberg article notes that the trend is accelerating because Congress has not yet passed a comprehensive federal privacy or AI law. Earlier reports from BGOV (May 2026) highlighted how the data center boom is confounding policymakers; an April 2026 piece covered emerging AI transparency requirements as Congress crafts a framework. Meanwhile, a March 2026 article discussed the Trump administration’s proposed AI framework, which would preempt state laws if enacted — but that hasn’t happened yet.
Why It Matters
For everyday consumers, these new state laws translate into practical changes in how your data is handled and how you interact with AI:
More control over your data. You may now have the legal right to tell a company to delete information it holds about you, or to ask it not to sell your data. But these rights are not uniform — if you live in a state without a comprehensive privacy law, you may not have those protections.
Less opaque AI decisions. When an algorithm denies you a loan or flags your resume for rejection, you may be entitled to an explanation. That doesn’t mean the explanation will always be easy to understand, but it forces companies to at least document their reasoning.
Data center location and environmental impact. If a data center is being built in your area, new state laws may require the company to disclose energy and water use, and to follow siting rules that can affect local traffic, noise, and power grids. That matters because data centers consume enormous amounts of electricity and water.
However, there are limits. State laws cannot regulate interstate commerce or preempt federal law if it eventually passes. Enforcement also varies — some states rely on the attorney general; others allow private lawsuits. And even with new laws, companies often have loopholes, such as sharing data with “service providers” in ways that aren’t fully covered.
What Readers Can Do
Know your state’s laws. Look up whether your state has a comprehensive privacy law (like California, Colorado, Connecticut, Virginia, Utah, or newer additions) and what rights it grants. For AI-specific rules, check if your state requires disclosure for automated decisions. Sites like the IAPP’s US State Privacy Legislation Tracker can help.
Exercise your rights. If your state gives you the right to opt out of data sales or to request deletion, use it. Companies must honor these requests within a specific timeframe (usually 30 to 45 days). Keep records of your requests.
Be skeptical of vague AI disclosures. If a company says “we use AI to improve your experience,” follow up. Ask what data is used and whether you can opt out. State laws increasingly require concrete explanations, so don’t accept boilerplate language.
Monitor local data center proposals. If a data center is planned near you, attend public hearings and ask about compliance with new energy and water use laws. Environmental impact statements may now be required in some states.
Stay informed as federal action looms. The Trump administration’s AI framework, if enacted, could override many state rules. Pay attention to national news, but also know that federal preemption is not guaranteed — states often push back.
Sources
- “BGOV OnPoint: Data Center, Privacy, AI Rules Lead New State Laws” – Bloomberg Government News, July 10, 2026.
- “BGOV OnPoint: Data Center Boom Confounds Policymakers” – Bloomberg Government News, May 18, 2026.
- “AI Transparency Requirements Emerge as Congress Crafts Framework” – Bloomberg Government News, April 6, 2026.
- “BGOV OnPoint: Trump AI Framework Would Preempt State Laws” – Bloomberg Government News, March 23, 2026.