According to the Legislative Budget Board (LBB), the fiscal implications of SB 2121 indicate that the bill would have no fiscal impact on the state. The analysis finds that the expanded regulatory definition of data brokers and the associated applicability criteria would not necessitate additional state expenditures or staffing. This suggests that any administrative adjustments or oversight functions related to identifying or monitoring newly covered data brokers can be absorbed within existing agency resources.

Similarly, there is no anticipated fiscal impact on local governments. The bill does not impose duties or costs on local entities, as the regulatory responsibilities fall under state-level jurisdiction. There are no mandates for local enforcement, data collection, or administrative support, which ensures that cities, counties, or other local political subdivisions are unaffected from a budgetary standpoint.

In practical terms, the bill appears to focus on clarifying and expanding the scope of existing statutory definitions and thresholds without introducing new compliance mechanisms, penalties, or enforcement structures that would require additional funding. As such, the legislative intent is fulfilled without generating new costs to the public sector.

SB 2121 proposes a technical but important clarification to Texas’s data broker law by amending definitions and applicability thresholds in the Business & Commerce Code. Specifically, the bill redefines a “data broker” as any business entity that collects, processes, or transfers personal data not directly obtained from the individual to whom the data relates. It also clarifies that regulatory thresholds apply to brokers who either derive more than 50% of their revenue from such activities or process data on more than 50,000 individuals in a 12-month period. These changes are intended to address inconsistencies in the original statutory language that certain entities have exploited to evade regulation.

The bill aligns meaningfully with the principles of Individual Liberty and Private Property Rights. By targeting businesses that traffic in personal information without individuals’ knowledge or consent, the bill supports the notion that individuals have a right to control their personal data—an increasingly vital aspect of liberty in the digital age. The statutory revisions strengthen transparency and accountability in a segment of the data economy that has largely operated without consumer-facing obligations or public scrutiny.

Additionally, the legislation does not create new criminal offenses, increase government expenditures, or delegate new rulemaking authority to state agencies. The Legislative Budget Board found no fiscal impact on either state or local governments, indicating that existing agencies can enforce the clarified definitions using current resources. The absence of new enforcement mechanisms or mandates on local governments helps ensure that the bill maintains a limited and focused regulatory scope.

However, concerns remain regarding the bill’s potential to impose unintended compliance burdens on smaller businesses or startups whose handling of third-party data may be incidental rather than core to their business models. These entities could fall within the new scope without adequate resources to navigate the regulatory landscape. To better uphold the principles of Free Enterprise and Limited Government, a clarifying amendment could help define safe harbor provisions or threshold exemptions based on the scale and risk profile of data handling practices.

In sum, SB 2121 makes a constructive and narrowly tailored policy correction that enhances data protections and market transparency. It upholds key liberty principles, particularly those related to personal privacy and the responsible use of data, while avoiding new spending or enforcement overreach. With a recommended amendment to ensure regulatory proportionality for small businesses, the bill would more fully align with all five liberty principles. As such, Texas Policy Research recommends that lawmakers vote YES on SB 2121 but also suggests they consider clarifying improvements would strengthen the legislation.

• Individual Liberty: The bill strengthens individual liberty by helping protect personal data from being traded, processed, or sold by entities without the individual's knowledge or consent. By broadening the definition of “data broker” and ensuring that entities handling personal data not collected directly from individuals are within regulatory reach, the bill promotes transparency and accountability. While it does not establish consumer rights like data access or deletion, it helps uphold individuals’ privacy—a foundational aspect of liberty in the digital age.
• Personal Responsibility: The bill does not directly impact personal responsibility. It neither empowers individuals with new rights over their data nor imposes obligations on them. Its regulatory framework targets businesses, not consumers. That said, by clarifying the responsibilities of entities that handle personal data, it reinforces the idea that businesses must act responsibly in safeguarding others’ private information.
• Free Enterprise: The bill may expand regulatory compliance obligations for businesses that handle data not collected directly from individuals. Entities that previously considered themselves outside the scope of data broker regulations may now fall under it, possibly increasing legal and operational costs. This could create a barrier for small or emerging firms whose business models involve limited or incidental data handling. However, the thresholds in the bill—50% revenue from such data or handling of 50,000 individuals' data—help limit the impact to larger players. A safe harbor or exemption for low-risk entities could mitigate these concerns and better align the bill with this principle.
• Private Property Rights: From the consumer standpoint, the bill supports private property rights by reinforcing the idea that individuals have a claim to control over their personal data. It limits the ability of third parties to profit from that data without being subject to oversight. However, businesses may view the new definition as a restriction on how they use data they have lawfully obtained, potentially affecting their data assets. Overall, it promotes a more responsible balance between business data use and individual rights.
• Limited Government: The bill expands the scope of regulation to include a broader range of businesses under the state’s data broker oversight. While this could be seen as a departure from a strictly limited government approach, the expansion is modest, targeted, and built on an existing framework. No new agencies are created, no enforcement powers are broadened, and the Legislative Budget Board reports no fiscal impact. Still, to fully respect this principle, amendments ensuring minimal regulatory burden for small or low-risk businesses would be appropriate.