HB263 ENGROSSED
HB263
6YR4511-2
By Representative Robbins
RFD: Judiciary
First Read: 15-Jan-26
A BILL
TO BE ENTITLED
AN ACT
Relating to consumer protections; to prohibit certain
health and fitness applications from disclosing, transferring,
or taking certain other actions with regard to a consumer's
biological data or neural data without the consumer's express
consent, with exceptions; to authorize the Office of the
Attorney General to enforce; and to provide a civil penalty
for violations.
BE IT ENACTED BY THE LEGISLATURE OF ALABAMA:
Section 1. For the purposes of this act, the following
terms have the following meanings:
(1) BIOLOGICAL DATA. Data generated by the
technological processing, measurement, or analysis of an
individual's biological, genetic, biochemical, physiological,
or neural properties, compositions, or activities, or an
individual's body or bodily functions, which are used to
uniquely identify the specific individual to whom the data
pertains. The term does not include a photograph, video or
audio recording, or data generated from a photograph or audio
recording, unless such data is generated to uniquely identify
the specific individual to whom the data pertains.
(2) CONSUMER. Any individual who is an Alabama
resident.
(3) COVERED ENTITY. The owner or operator of a health
and fitness application. The term includes any individual or
entity that offers, maintains, owns, licenses, or controls
software made available to consumers through an app store or
website, provided that:
a. The software collects, processes, uses, shares,
sells, or generates biological data or neural data from a
consumer, whether alone or in combination with other personal
data; and
b. The data is collected for purposes that include
health tracking, wellness, sleep, fitness, mental or cognitive
performance, mindfulness, or stress.
(4) EXPRESS CONSENT. A consumer's acknowledgment or
permission, in writing or captured electronically, to a clear,
meaningful, and prominent written notice regarding the
disclosure or use of the consumer's biological data or neural
data.
(5) NEURAL DATA. Information that is generated by the
measurement of the activity of an individual's central nervous
system and that can be processed by or with the assistance of
a device.
(6) THIRD PARTY. An individual or legal entity that is
not a consumer, covered entity, or processor. For the purposes
of this subdivision, a processor is an entity that: (i)
processes biological data or neural data on behalf of a
covered entity; (ii) adheres to the instructions of the
covered entity; and (iii) assists the covered entity in
meeting its obligations under this act.
Section 2. (a) A covered entity may not do any of the
following without the express consent of the consumer:
(1) Transfer a consumer's biological data or neural
data to a third party.
(2) Disclose the consumer's biological data or neural
data to a third party for a reason other than fulfillment of
the entity's products or services.
(3) Use the consumer's biological data or neural data
for a purpose other than what is necessary to perform the
services or provide the goods reasonably expected by an
average consumer who requests those goods or services.
(4) Market to a consumer based on the consumer's
biological data or neural data.
(b) A covered entity that transfers, discloses, or uses
a consumer's biological data or neural data for purposes other
than those provided in subsection (a), before the transfer,
disclosure, or use, shall notify the consumer that the
information may be transferred, disclosed, or used for a
specified purpose and provide the consumer the opportunity to
limit or prevent the transfer, disclosure, or use of the
biological data or neural data.
Section 3. (a) The Attorney General has exclusive
authority to enforce this act.
(b)(1) The Attorney General, prior to initiating any
action for a violation of any provision of this act, shall
issue a notice of violation to the covered entity accused of
the violation.
(2) If the covered entity fails to correct the
violation within 45 days after receipt of the notice of
violation, the Attorney General may bring an action for an
injunction pursuant to this section. Upon a finding that the
covered entity has violated this act and failed to correct the
violation as required by this section, the court may assess a
civil penalty of not more than three thousand dollars ($3,000)
per violation.
(3) If within the 45-day period the covered entity
corrects the noticed violation and provides the Attorney
General with an express written statement that the alleged
violation has been corrected and that no such further
violations will occur, no action may be initiated against the
covered entity.
Section 4. This act does not apply to any of the
following transfers, disclosures, or uses of biological data
or neural data:
(1) By law enforcement for any law enforcement
purposes.
(2) To comply with a subpoena, summons, other lawful
court order, or federal law.
(3) Pursuant to Article 2, Chapter 18 of Title 36, Code
of Alabama 1975.
(4) By a genetic testing company that complies with
Chapter 43 of Title 8, Code of Alabama 1975.
(5) The collection, use, retention, or disclosure of
biological or neural data by a covered entity or business
associate in accordance with 45 C.F.R. Parts 160 and 164.
(6) The use of de-identified biological or neural data.
(7) The collection, use, or retention of biological or
neural data for noncommercial purposes, including for research
and instruction, by a public or private institution of higher
education or any entity owned or operated by a public or
private institution of higher education.
(8) The transfer, disclosure, or use of biological or
neural data that is governed by state or federal law
regulating the business of insurance, including underwriting,
rating, risk classification, reinsurance, and claims
administration.
(9) To provide a product or service specifically
requested by a consumer; to perform a contract to which the
consumer is a party, including fulfilling the terms of a
written warranty; or to take steps at the request of the
consumer prior to entering into a contract.
(10) To prevent, detect, protect against, or respond to
security incidents, identity theft, fraud, harassment,
malicious or deceptive activities, or any illegal activity; to
preserve the integrity or security of systems; or to
investigate, report, or prosecute those responsible for any
such action.
(11) To conduct internal research to develop, improve,
or repair products, services, or technology.
(12) To effectuate a product recall.
(13) To identify and repair technical errors that
impair existing or intended functionality.
(14) To perform internal operations that are reasonably
aligned with the expectations of the consumer or reasonably
anticipated based on the consumer's existing relationship with
the covered entity or are otherwise compatible with processing
data in furtherance of the provision of a product or service
specifically requested by a consumer or the performance of a
contract to which the consumer is a party.
Section 5. This act shall become effective on October
1, 2026.
House of Representatives
Read for the first time and referred to the House of Representatives committee on Judiciary: 15-Jan-26
Read for the second time and placed on the calendar, 0 amendments: 19-Feb-26
Read for the third time and passed as amended (Yeas 104, Nays 0, Abstains 0): 26-Feb-26
John Treadwell
Clerk