The Latest Privacy Laws and Regulations and How They May Impact Brands
10/13/2022
Legislatures are on overdrive when it comes to drafting new regulations around protecting a consumer’s privacy. The momentum at which new bills are becoming law is at an all-time high. Add to this that many of these varying regulations are being decided state-by-state, making it difficult to keep track of which states have passed privacy bills that are now law, and which states have bills in the works. The challenge of staying compliant and protecting your brand is no easy feat.
Lucky for you, OptiMine is here to help. In this blog post, we will break down each privacy regulation by state to keep you up-to-date and educated on all the regulatory changes, as well as explain how these regulations will impact marketing and marketing measurement. Let’s get started!
States with Privacy Laws SIGNED
California: CCPA + Proposition 24
- CCPA
- Signed in 2018
- Was effective starting on January 1st of 2020
- Proposition 24
- Signed in 2020
- Will be fully operative by January 1, 2023
Colorado: SB 190 (also known as the Colorado Privacy Act)
- Signed in 2021
- Effective July 1, 2023
Connecticut: SB 6 (also known as the Connecticut Data Privacy Act)
- Signed in 2021
- Effective July 1, 2023
Virginia: SB 1392 (also known as the Virginia Consumer Data Protection Act)
- Signed in 2021
- Effective January 1, 2023
Utah: SB 227 (also known as the Utah Consumer Privacy Act)
- Signed in 2022
- Effective December 31, 2023
States with ACTIVE Bills (laws not passed yet)
Michigan: HB 5989 (also known as the Consumer Privacy Act)
- Was introduced in April 2022
- Currently sits in the House Committee on Communications & Technology
New Jersey: A 505 (also known as the New Jersey Disclosure and Accountability Transparency Act)
- Was introduced in January 2022
- Sits in the Assembly Science, Innovation & Technology Committee
Ohio: HB 376 (also known as the Ohio Personal Privacy Act)
- Was introduced in July 2021
- Deemed to be “informally passed” on February 16th and then was re-referred to the Rules & Reference Committee, where it now sits
Pennsylvania: HB 2202 (Consumer Data Privacy Act) + HB 2257 (Consumer Data Protection Act)
- Consumer Data Privacy Act
- Introduced in December 2021
- Currently sits in the Consumer Affairs committee
- Consumer Data Protection Act
- Introduced in January 2022
- Currently sits in the Consumer Affairs committee
Many More States have Privacy Regulations in the Works
Right now, 23 other states have drafted consumer privacy bills. It is very clear that the United States will continue to move in the direction of consumer privacy and protection.
So, How Might These Privacy Laws Impact Brands?
(1) There will be significant fines for brands that do not comply (we are already starting to see this happen) *important note: these regulations generally apply to where your customers are located, not just where your company is based
(2) Brand reputation and company growth could be negatively impacted by news of non-compliance with privacy laws
(3) Marketers will likely have data on fewer customers available to them, because consumers are being given the decision which companies they want to share their data with. This will push brands to focus on building meaningful relationships with a smaller set of customers
See below for a table that breaks down the most common privacy provisions, what they mean, and how they impact marketers:
| The Most Common Privacy Provisions | What it Means | How it Impacts Marketers |
|
Right of Access |
The right for a consumer to access the information collected about a consumer from a business and/or that has been shared with third parties |
This does not impact marketers directly, but does expose them to reputation risk if sensitive data is being shared or sold. |
|
Right of Deletion |
The right for a consumer to request deletion of personal information about the consumer under certain conditions |
Marketers must prove a “chain of custody” where they must demonstrate that the consumer data has been deleted from all systems and 3rd party partner systems. This impacts systems such as Multi-Touch Attribution (“MTA”). |
|
Nondiscrimination/ Data-Use Nondiscrimination |
A company should not discriminate against a user who has exercised their privacy rights |
Marketers cannot design apps, tools, content access that limit functionality if a user opts-out of data collection & tracking. |
|
Right of Restriction |
The right for a consumer to restrict a business’s ability to process personal information about the consumer |
Marketers must design databases and platforms that manage restrictions on a consumer level. This impacts systems such as Multi-Touch Attribution (“MTA”). |
|
Right to Opt-Out |
The right for a consumer to opt-out of the sale of personal information of the consumer to third parties |
Makes it more difficult to track consumers for ad-targeting purposes AND for marketing measurement solutions that use consumer tracking. This impacts systems such as Multi-Touch Attribution (“MTA”). |
|
Private Right of Action |
The right for a consumer to seek civil damages from a business for violations of a statute |
Makes it increasingly risky for a business to track consumers/compliance with privacy regulations— dangerous for brands’ reputation + financial risks. |
Looking for a marketing measurement solution that won’t pose a risk to you (or your brand) due to new consumer privacy laws? OptiMine doesn’t use any PII, cookies, or consumer tracking EVER, making our solution 100% risk-free. Contact us today to learn more!
Sources:
https://iapp.org/resources/article/us-state-privacy-legislation-tracker/