Regulatory Roundup – Consumer Privacy Laws Take the Front Seat in 2022
In Case You Missed It, Here’s A Recap of Consumer Privacy Laws That Have Passed So Far This Year
A wave of new legislation has passed since the ball dropped in January. In the past six months, 34 states have introduced or considered close to 200 consumer privacy bills
The most common type of bills that are being considered are comprehensive consumer privacy legislation – accounting for almost 70 bills in at least 25 states and Washington D.C.
These types of bills aim to regulate the collection, use, and disclosure of consumer data by businesses.
We see these three rights further expressed in the following legislation that two states have recently passed.
Connecticut and Utah Pass Comprehensive Consumer Privacy Laws in 2022:
Consumer privacy laws aim to provide consumers with a set of rights to protect their collected data, such as the right to access, correct, and delete personal information.
Connecticut 2022 S.B. No. 6 (Personal Data Privacy and Online Monitoring)
Effective July 1, 2023
Under the CDPA, consumers will have the right to:
→ Confirm whether or not a controller is processing the consumer’s personal data and access such personal data;
→ Correct inaccuracies in the consumer’s personal data;
→ Delete personal data provided by, or obtained about, the consumer;
→ Obtain a copy of the consumer’s personal data processed by a controller, in a portable and, to the extent technically feasible, readily usable format;
→ Opt out of the processing of their personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning the consumer.
Utah Consumer Privacy Act, 2022 S.B. 227
Effective Dec. 31, 2023
The Utah Consumer Privacy Act provides consumers the right to:
→ Access and delete certain personal data maintained by certain businesses;
→ Opt out of the collection and use of personal data for certain purposes;
→Requires certain businesses that control and process consumers’ personal data to safeguard consumers’ personal data; provide clear information to consumers regarding how the consumers’ personal data are used; and accept and comply with a consumer’s request to exercise the consumer’s rights under this bill;
→ Creates a right for a consumer to know what personal data a business collects, how the business uses the personal data, and whether the business sells the personal data;
→ Upon request and subject to exceptions, requires a business to delete a consumer’s personal data or stop selling the consumer’s personal data;
→Allows the Division of Consumer Protection to accept and investigate consumer complaints regarding the processing of personal data;
→ Authorizes the Office of the Attorney General to take enforcement action and impose penalties; and makes technical changes.
What Other States Have Passed Comprehensive Consumer Privacy Laws?
California Consumer Privacy Rights Act of 2020 (also known as Proposition 24)
Effective January 1, 2023
Once effective, the law will permit consumers to:
(1) Prevent businesses from sharing personal information
(2) Correct inaccurate personal information
(3) Limit businesses’ use of “sensitive personal information”—including precise geolocation; race; ethnicity; religion; genetic data; private communications; sexual orientation; and specified health information.
The legislation will also triple maximum penalties for violations concerning consumers under the age of 16.
The CPPA held a public meeting earlier this month (June 8, 2022) to discuss the proposed regulations and other topics.
Virginia Consumer Data Protection Act, 2021 H.B. 2307|2021 S.B. 1392 (VCDPA)
Effective Jan. 1, 2023
The bill grants consumer rights to access, correct, delete, and obtain a copy of personal data and to opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling of the consumer. The bill provides that the Attorney General has exclusive authority to enforce violations of the law, and the Consumer Privacy Fund is created to support this effort.
Colorado Privacy Act, 2021
Effective July 1, 2023
The Colorado Privacy Act provides Colorado residents with the following rights:
→ Right to opt out of targeted advertising
→ Right of access to their personal data collected
→ Right to correction
→ Right to deletion
→ Right to data portability
Businesses will be required to comply with consumer-selected opt-outs for targeted advertising and sales.
2023 is looking like it will be the year for consumers. However, there’s still a lot of work cut out for states as they look to further the protection of consumers’ personal information amid advancements in technology, such as biometric identification.
RadarFirst Intelligent Incident Management is the only software capable of automating regulatory research and breach decisioning.
With a sea of state, federal, and international laws, as well as third-party contractual obligations, compliance with data breach regulations only grows more difficult.
RadarFirst offers a permanent solution for a constantly changing privacy landscape with complex data breach regulations. As the landscape shifts, RadarFirst adapts.
There's No Reason To Go at It Alone