The data collected by the vast majority of products that people use on a daily basis is not regulated. Since many companies don`t have federal privacy laws, they can do whatever they want with data, unless a state has its own privacy law (more on that below). Consumer protection has always been an area where the power of States to ensure fair competition and informed consumer choice has been preserved, not eliminated. This structure has worked well for many years and no need for change in the area of privacy has been demonstrated. The state`s law`s right of first refusal will only undermine consumers` trust in their dealings with financial institutions, online retailers, and other online and offline businesses. This finding is particularly strong with respect to financial reporting, where Congress has already recognized the benefits of state-sponsored privacy. Scope: The law expands the scope of the right to opt-out, but the scope of „covered information” is narrower than „personal data” defined by similar laws. In the absence of congressional action on a comprehensive U.S. federal data protection law, five states have now enacted their own laws. We`ve already provided a summary of the laws of California, Virginia, and Colorado (available here), and Utah and Connecticut have since enacted new privacy laws. The Connecticut Personal Data Privacy and Online Surveillance Act (CTDPA) was signed into law on May 10, 2022 and is expected to go into effect on July 1, 2023.

The Utah Consumer Privacy Protection Act (UCPA) was signed into law on March 24, 2022 and is expected to take effect on December 31, 2023. As the comparison chart below shows, the CPDPA and UCPA are similar in many ways to the Colorado Privacy Act (CPA) and the Virginia Consumer Data Protection Act (VCDPA), but there are important differences between these laws and the California Consumer Privacy Act (CCPA). which went into effect in 2020 and was amended by the California Privacy Rights Act (CPRA). Sheila A. Millar advises corporate and association clients on advertising, data protection, product safety and other public policy and regulatory compliance matters. The CCPA is currently the only one of the five new state laws that allows a private right of action, and that right is limited to breaches of „personal information” (as defined in a separate California data breach notification law, which is more narrowly defined than the term „personal information” in the CCPA). CPRA extends the CCPA`s private right of action to data breaches that compromise a username and password, and creates a new law enforcement agency, the California Privacy Protection Agency (CPPA). The state has already established and funded the CPPA, and the CPPA has held information and stakeholder meetings as part of the rule implementation process. 1. Whitney Merrill, Privacy Lawyer and Privacy Commissioner, telephone interview, July 26, 2021 California Civil Code § 1798.90 The California Reader Privacy Act protects information about books that Californians browse, read, or purchase from electronic services and online booksellers who may have access to detailed reader information.

such as navigating certain pages. Requires a search warrant, court order, or express consent of the user before this company can disclose its users` personal information in connection with the use of a book, with certain exceptions, including imminent threat of death or serious bodily harm. Much of the data economy that underpins shared products and services is invisible to buyers. As your data is shared between countless third parties, not only are there more companies profiting from your data, but there are also more opportunities for your data to leak or be breached in a way that causes actual harm. Last year, we saw a news organization use pseudonymous app data allegedly leaked by an advertiser linked to the dating app Grindr to a priest`s revelation. We read that the U.S. government purchased location data from a prayer app.