The privacy landscape in the United States is going through a major shift as new regulations and laws are being introduced. Several states, including Virginia and Colorado, have already enacted privacy laws scheduled to take effect in 2023. And they’re not alone – many other states are also composing and debating their own comprehensive privacy laws.
As these states approve new privacy legislation, it’s vital for organizations to stay on top of the latest developments and be prepared to comply with these new laws. And it’s not just the laws that are changing, but also the number of bills being proposed. While it’s important to note that state privacy bills are much more common than privacy laws, they do provide insight into the direction that privacy regulations are heading. In this article, we’ll look at a couple state privacy bills that could indicate what future laws will look like.
New York Privacy Act
One of the examples of the legislation proposed for 2023 is the New York Privacy Act. This bill requires organizations to obtain opt-in consent for processing sensitive data and includes a private right of action for violation of opt-out rights. The bill also includes requirements for data protection impact assessments (DPIAs), and requires additional assessments to avoid discriminatory use of data (like the Meta incident from last year). Targeted advertising is no longer defined as “necessary” to market to consumers. Customers also have the right to appeal decisions from automated decision making.
Oklahoma Computer Data Privacy Act
Another state introducing privacy legislation is Oklahoma. This bill, known as the Oklahoma Computer Data Privacy Act, requires organizations to inform customers about the categories of data being collected and for what purpose, with consent being mandatory. The bill also gives consumers the right to opt-out of the sale of personal data and provides a clear and conspicuous link for consent to the sale. Additionally, third parties who have data sold to them may not resell it without obtaining consent from the consumer.
An Act Relating to Consumer Data Privacy (Kentucky)
In Kentucky, An Act Relating to Consumer Data Privacy bill aims to give consumers the right to opt-out of targeted advertising, tracking, and the sale or sharing of personal data. Additionally, it requires businesses to honor universal preference signals, such as the GPC. The bill also requires controllers to provide quarterly reporting to the Attorney General and Legislative Research Commission, including categories and amount of personal data processed, as well as the number of identifiable consumers.
Tennessee Information Protection Act
Tennessee also has legislation in the works with the Tennessee Information Protection Act. This bill emphasizes data minimization practices and requires organizations to limit data collection to “what is adequate, relevant, and reasonably necessary” for the purpose. It also gives consumers the right to opt-out of the sale of personal information. Data protection assessments are required in the case of targeted advertising.
Watching New State Privacy Bills
With so many new laws and regulations coming into effect, and even more on the horizon, it’s vital that organizations stay on top of privacy compliance to protect their business and customers. Navigating the ever-changing landscape of privacy laws can be a daunting task for any organization. That’s why it’s important to have the right expertise to help guide you through the process. With expert help, organizations can be confident that they are compliant and well-prepared for new privacy legislation as it arises, and also stay up-to-date with the latest developments in state privacy laws.