In recent years, there has been a growing focus on online privacy, and consumers’ demand for stronger privacy laws is increasing. In 2018, the European Union enacted the General Data Protection Regulation (GDPR), which is the most comprehensive privacy law in the world. The GDPR has had a significant impact on the way websites collect and use personal information.
Since then, there have been a number of privacy laws enacted in the United States. As of April 2023, there are six states in the United States with comprehensive privacy laws for websites:
- California: The California Consumer Privacy Act (CCPA) is the most comprehensive state privacy law in the US. It gives consumers a number of rights over their personal data, including the right to know what data is being collected about them, the right to delete that data, and the right to opt out of the sale of their data.
- Colorado: The Colorado Privacy Act (CPA) is a newer state privacy law. Senate Bill 21-190 was signed on July 7, 2021. It is similar to the CCPA and VCDPA in many ways and will go into effect July 1, 2023
- Connecticut: The Connecticut Data Privacy Act (CTDPA) is another newer state privacy law. On May 10, 2022 Senate Bill 6 was signed: An Act Concerning Personal Data Privacy and Online Monitoring (also known as The Connecticut Data Privacy Act or “CTDPA”), making Connecticut one of the first states to pass a comprehensive consumer privacy law. The CTDPA takes effect on July 1, 2023.
- Iowa: The Iowa Consumer Data Protection Act (ICDPA) Senate File 262 was signed by the Iowa House and Senate on Mach 28, 2023, making Iowa the 6th state with comprehensive consumer privacy legislation. It will go into effect on 1 January 2025.
- Utah: The Utah Consumer Privacy Act (UCPA) is a state privacy law that was enacted in 2020. It is similar to the CCPA in many ways, but it also includes some additional protections, such as the right to be forgotten and the right to restrict the use of your data for targeted advertising.
- Virginia: The Virginia Consumer Data Protection Act (VCDPA) is another comprehensive state privacy law. It is similar to the CCPA, but it also includes some additional protections, such as the right to know how your data is being used and the right to have your data corrected if it is inaccurate.
In addition to these six states, there are a number of other states with more limited privacy laws for websites. These laws may cover specific types of data, such as financial information or health data, or they may apply only to certain industries, such as healthcare or financial services. It is important to note that these laws are constantly evolving, so it is critical to stay up-to-date on the latest changes.
- Georgia – Georgia Data Privacy Act
- Hawaii – Consumer Data Protection Act
- Illinois – Illinois Data Privacy and Protection Act
- Indiana – Consumer Data Protection
- Kentucky – Consumer Data Privacy
- Louisiana – Louisiana Consumer Privacy Act
- Maryland – Online and Biometric Data Privacy Act
- Massachusetts (3) – MA Data Privacy Protection Act
• MA Information Privacy and Security Act
• Internet Bill of Rights
- Montana – Consumer Data Privacy Act
- Mississippi – Consumer Data Privacy Act
- Minnesota – Consumer Data Privacy
- New Hampshire – Expectation of Privacy
- New York (4) – Digital Fairness Act
• New York Privacy Act
• Consumer Right to Request Disclosure of Information
• Personal Information Collection
- New Jersey (3) – Online Personally Identifiable Information Disclosure
• NJ Disclosure and Accountability Transparency Act
• Commercial Internet Websites Consumer Information
- North Carolina – North Carolina Consumer Privacy Act
- Oklahoma – Oklahoma Computer Data Privacy Act
- Tennessee – Tennessee Information Protection Act
- Pennsylvania – Consumer Data Protection Act
- Washington – People’s Privacy Act
- West Virginia – Consumer Data Protection Act
Here are some things to keep in mind:
Data collected from websites varies. Some basic data includes:
- The types of personal information collected
- How personal information is collected and used
- How personal information is shared with third parties
- How personal information is protected
- How users can access, correct, or delete their personal information
- How users can opt out of the collection or use of their personal information
- Type of non-identifiable information that is collected (IP address, analytics, etc.)
Where should privacy policies be posted?
- Use clear and concise language that is easy for users to understand.
- Avoid legal jargon and technical terms.
- Be honest and transparent about how you collect and use personal information.
Disclaimer: This blog post cannot and does not contain legal advice. The information is provided for general informational and educational purposes only and is not a substitute for professional advice. Accordingly, before taking any actions based upon such information, we encourage you to consult with an appropriate legal professional. We do not provide any kind of legal advice. THE USE OR RELIANCE OF ANY INFORMATION CONTAINED IN THIS BLOG POST IS SOLELY AT YOUR OWN RISK.
This post may contain affiliate links for your convenience.