The E.U. has started handing out fines for noncompliance, including a whopping £183 million ($226 million USD) fine against British Airways for a breach of consumer data. The CCPA went into effect in January 2020. So far, no fines have been handed out. The laws had an impact well beyond their borders. GDPR applies to anyone that does business or communicates with E.U. residents. CCPA does the same when it comes to protecting California consumers.
These laws forced companies to make substantive changes to their policies, procedures, and infrastructure. Analysts at Berkeley Economic Advising and Research estimate the cost for U.S. companies to comply with CCPA could top $55 billion. Both laws, however, were just the beginning. More than 16 states are evaluating potential legislation to protect consumer data. 10 states have introduced bills.
A State by State Look at Pending Data Privacy Legislation
- Florida (SB 1670 and HB 963)
- Hawaii (SB 418)
- Illinois (SB 2330)
- Maryland (SB 957 and HB 784)
- Minnesota (HF 2917 and SF 2912)
- Nebraska (Legislative Bill 746)
- New Hampshire (House Bill 1680)
- New York (S 224, A 3739, S 5642, and A 8526)
- Pennsylvania (HB 1049)
- Virginia (H 473)
Common Provisions of Pending Digital Privacy Legislation
While each of the bills has different provisions, levels of compliance, and enforcement measures, there are several common provisions. Here are the items that all of them address in some way:
- The right to access personal information that has been collected
- The right of access to any personal information shared with a third party
- The right to correct any data that is incorrect or outdated
- The right to request deletion of personal data
- The right to restrict what a business does with the data
- The right to access data and data portability in a format accessible to consumers
- The right to opt out of the sale of personal information
- The right against “solely automated decision making”
- A consumer right to seek civil damages for violations
- An affirmative opt-in for the sale of personal information
- Notice and transparency requirements about data practices and privacy operations
- A mandate to notify consumers that are affected by data breaches
- Formal risk assessments
- No retaliation or discrimination against consumers that exercise these rights
- Prohibition against collecting personal information except for a specific, stated purpose
- Prohibition against processing personal information except for the intended purpose
National Data Privacy Legislation Is under Discussion
On top of all this, a national movement is under way. Two Senate groups each released drafts of privacy bills: the United States Consumer Data Privacy Act (USCDPA) and the Consumer Online Privacy Rights Act (COPRA). The National Law Review has a good examination of the two pieces and how they differ.
Nearly Every Business Will Feel the Impact of Data Privacy Legislation
These laws and regulations will affect nearly every business regardless of their trade areas. It can be difficult for companies to stay on top of it all. It will likely mean significant changes to comply with all the various regulations and versions, especially if an organization does business across state lines.
Admiral's Visitor Relationship Management platform helps publishers with data privacy consent management, as well as adblock recovery, growing paid subscriptions, and email or social signups. Contact us to learn more about our easy-to-implement consent management platform and how we can help publishers with data privacy concerns.