4 Tips for Keeping Up with State Privacy Laws
Created on September 12, 2023
Today’s privacy landscape is more complex than ever. As of late summer in 2023, five states have privacy laws in effect, with eight more set to roll out over the next two and a half years. In addition, another five states have active bills that could become law. These laws have different provisions governing to whom they apply, what rights consumers have, and what businesses’ obligations are. Complying with this fragmented patchwork of laws is rapidly becoming untenable—if it isn’t already impossible. These forthcoming state frameworks may exert pressure on the... Read More
What Is the Global Privacy Control (GPC)? The Global Privacy Control is an update to the "Do Not Track" browser signal that the ad world successfully killed 10 years ago. According to globalprivacycontrol.org, it is a proposed specification designed to allow Internet users to notify businesses of their privacy preferences, such as whether or not they want their personal information to be sold or shared. It consists of a setting or extension in the user’s browser or mobile device and acts as a mechanism that websites can use to indicate they support the specification... 
If there's one thing that's been true in the world of privacy over the last few years, it's that there is never a dull moment--and that certainly is the case for the summer of 2023. In terms of new laws and regulatory updates, we've seen some action internationally, but it's really paled in comparison to what is happening at the state and federal level in the US. When we look back over the last few months, though, three trends emerge as being especially important.European Privacy Regulators Define a Status Quo It makes sense... 
On July 8, 2021, Colorado became the third state with a comprehensive privacy law protecting its citizens when Governor Jared Polis signed the Colorado Privacy Act (CPA) into law. The law, which went into effect on July 1, 2023, provides several privacy rights to Colorado citizens, as well as requiring websites to have a privacy policy and imposing fines for failure to comply with its requirements. With substantial financial penalties attached, the risks of non-compliance can add up quickly. The CPA is part of a patchwork of state laws that govern consumer... 
While the Brazilian General Data Protection Law (LGPD) was signed into law in 2018 and has been in effect since 2020, until recently it lacked an enforcement mechanism. In February 2023, Brazil’s Data Protection Agency (ANPD) announced the sanctions available under the law and now has the means to enforce compliance. Overview The LGPD brings 40 different laws governing personal data in Brazil under a single umbrella. It applies to at least 12,000 large companies (over 250 employees) that control or process data involving Brazilian citizens, granting them rights to confirm... 
While momentum for a comprehensive federal privacy law remains sporadic, state legislatures continue to pass privacy laws to protect their citizens. Iowa recently signed into law a comprehensive privacy law, becoming the sixth state to do so. It will go into effect on January 1, 2025. Overview On March 28, 2023, Iowa Governor Kim Reynolds signed into law Iowa Senate File 262, making Iowa the sixth US state with a comprehensive consumer privacy law, joining California, Colorado, Connecticut, Utah, and Virginia. Similar to other state laws, Iowa’s new law grants Iowa... 
The Federal Trade Commission continues to be a powerful force reining in privacy abuses against American consumers. In March 2023, the FTC announced a proposed $7.8 million settlement with BetterHelp, an online therapy and counseling service, for repeatedly violating its promise to consumers “not to use or disclose their personal health data.” Overview Considering that health information, and mental health information in particular, are quite sensitive and confidential, online counseling service BetterHelp (acquired by telehealth company Teladoc in 2015) repeatedly violated its customers’ trust by disclosing said information to a variety...