Concord Privacy News: 1/3/24
Data Privacy Laws: 2023 Year in Review
Leading up to 2023, the U.S. had seen a trickle of new data privacy laws each year, but this year brought a groundswell, with seven states enacting comprehensive data privacy laws: Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, and Texas. While each regulation varies to certain degrees, they all allow consumers to control some aspects of their data, while mandating businesses to implement measures that safeguard the privacy of consumer data.
The newer laws are also increasingly moving toward more stringent requirements like opt-in consent for the use of sensitive personal information. Data protection impact assessment requirements are also becoming more detailed, with states taking cues from other state laws that have passed in drafting their requirements.
Some interesting differences to note among the new laws: Texas became the first privacy law not to fully carve out small businesses, meaning small businesses, too, must obtain affirmative consent from consumers in order to sell their personal data. Oregon added national origin, status as transgender or nonbinary, and status as a crime victim to its definition of sensitive information. And Delaware set a new precedent by raising the age restriction on the sale of children’s data from 16 to 18 years old.
Time will tell whether other states enact data privacy laws, but rest assured we will keep you informed. And, we’ll also keep tabs on efforts to enact federal legislation, as we expect to see efforts to revive previously introduced federal data privacy bills that ultimately have not yet succeeded in Congress.
Other Privacy News of Note
West Virginia Legislature Looking at Data Privacy Law
Lawmakers want to add West Virginia to the more than a dozen states that protect the privacy of citizens’ digital information. Members of the Legislature’s Joint Standing Committee on the Judiciary received a briefing Tuesday morning on a draft bill set to be introduced during the 2024 regular session in January to protect data privacy. The briefing came on the final day of December interim meetings at the Capitol. Read more.
Musk’s X/Twitter Hit with Complaint Alleging Platform Broke Europe’s Strict Privacy Laws
Elon Musk’s X/Twitter has been hit with a complaint from privacy activist Max Schrems, which alleges the platform broke the European Union’s hard-hitting privacy rules. Lodged by Schrems’ campaign group Noyb with the Dutch data protection authority, the complaint purports that X/Twitter unlawfully used people’s political views and religious beliefs to target them with ads. The European Union is also accused of using X/Twitter to target users based on their political views and religious beliefs. Read more.