State Privacy Laws: Nebraska

Nebraska Consumer Data Protection Act (NCDPA)

Overview

The Nebraska Consumer Data Protection Act most closely resembles the Texas Data Privacy and Security Act. Unlike many other state privacy laws, the NCDPA provides no thresholds - revenue or number of consumers for which it controls or processes data - for the law to apply; therefore, its applicability is much broader than other states.

Key Dates

  • Signed into law: April 17, 2024
  • Effective date: January 1, 2025

Thresholds

The NCDPA applies to persons that conduct business in Nebraska or produce products or services consumed by Nebraska residents; process or engage in the sale of personal data; and are not a small business.

Consumer Rights

  • The right to confirm processing of personal data.
  • The right to access personal data.
  • The right to correct inaccurate personal data.
  • The right to delete personal data.
  • The right to port personal data.
  • The right to opt out of targeted advertising, sale of personal data, profiling in furtherance of decisions that produce legal or similarly significant effects.

Sensitive Data

  • Personal data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status
  • Genetic or biometric data that is processed for the purpose of uniquely identifying an individual
  • Personal data collected from a known child
  • Precise location data

Penalties

Up to $7,500 for each violation of the act.

Configure Your Consent Banner for NCDPA

Regions are used to customize the behavior and experience based on an individual user’s location. As an example, this allows you to provide different experiences to users based on regional differences (like GDPR in the EU vs. NCDPA in Nebraska). When a user visits your site, we will automatically determine their location and will match them to the most granular region rule that you have setup in Concord. This can go down to the state/province level, which allows for different experiences for different laws (like NCDPA in Nebraska).

Recommended Consent Settings

Based on the current laws, we recommend the following regional settings:

  • Consent Mode: Implied
  • Blocking Mode: Strict
  • Google Consent Mode V2: Basic
  • Consent Duration: 12 months
  • Enable Limit Sensitive Information: Enabled
  • Enable Do Not Sell Consent: Enabled
  • Enable Global Privacy Control: Enabled

For step-by-step instruction on how to configure your consent banner for different geographical regions within the Concord app, see our help document https://www.concord.tech/docs/configure-consent-banner-difference-regions.

Important Note: While you can get as granular as you want, we typically recommend a single global policy that meets the strictest guidelines across regions, or higher splits (like separate GDPR and United States regions). If you have any questions on how and why to configure your regions in certain ways, please reach out to our support team.