The Latest Privacy Laws and Regulations and How They May Impact Brands

Legislatures are on overdrive when it comes to drafting new regulations around protecting a consumer’s privacy. The momentum at which new bills are becoming law is at an all-time high. Add to this that many of these varying regulations are being decided state-by-state, making it difficult to keep track of which states have passed privacy bills that are now law, and which states have bills in the works. The challenge of staying compliant and protecting your brand is no easy feat.


Lucky for you, OptiMine is here to help. In this blog post, we will break down each privacy regulation by state to keep you up-to-date and educated on all the regulatory changes, as well as explain how these regulations will impact marketing and marketing measurement. Let’s get started!



States with Privacy Laws SIGNED



US state privacy legislation tracker 2022



California: CCPA + Proposition 24

  • CCPA
    • Signed in 2018
    • Was effective starting on January 1st of 2020


  • Proposition 24
    • Signed in 2020
    • Will be fully operative by January 1, 2023



Colorado: SB 190 (also known as the Colorado Privacy Act)

  • Signed in 2021
  • Effective July 1, 2023



Connecticut: SB 6 (also known as the Connecticut Data Privacy Act)

  • Signed in 2021
  • Effective July 1, 2023



Virginia: SB 1392 (also known as the Virginia Consumer Data Protection Act)

  • Signed in 2021
  • Effective January 1, 2023



Utah: SB 227 (also known as the Utah Consumer Privacy Act)

  • Signed in 2022
  • Effective December 31, 2023




States with ACTIVE Bills (laws not passed yet)



Michigan: HB 5989 (also known as the Consumer Privacy Act)

  • Was introduced in April 2022
  • Currently sits in the House Committee on Communications & Technology



New Jersey: A 505 (also known as the New Jersey Disclosure and Accountability Transparency Act)

  • Was introduced in January 2022
  • Sits in the Assembly Science, Innovation & Technology Committee



Ohio: HB 376 (also known as the Ohio Personal Privacy Act)

  • Was introduced in July 2021
  • Deemed to be “informally passed” on February 16th and then was re-referred to the Rules & Reference Committee, where it now sits



Pennsylvania: HB 2202 (Consumer Data Privacy Act) + HB 2257 (Consumer Data Protection Act)

  • Consumer Data Privacy Act
    • Introduced in December 2021
    • Currently sits in the Consumer Affairs committee


  • Consumer Data Protection Act
    • Introduced in January 2022
    • Currently sits in the Consumer Affairs committee




Many More States have Privacy Regulations in the Works


Right now, 23 other states have drafted consumer privacy bills. It is very clear that the United States will continue to move in the direction of consumer privacy and protection.


America with key lock over it to represent privacy



So, How Might These Privacy Laws Impact Brands?


(1) There will be significant fines for brands that do not comply (we are already starting to see this happen) *important note: these regulations generally apply to where your customers are located, not just where your company is based


(2) Brand reputation and company growth could be negatively impacted by news of non-compliance with privacy laws


(3) Marketers will likely have data on fewer customers available to them, because consumers are being given the decision which companies they want to share their data with. This will push brands to focus on building meaningful relationships with a smaller set of customers


See below for a table that breaks down the most common privacy provisions, what they mean, and how they impact marketers:



The Most Common Privacy Provisions What it Means How it Impacts Marketers

Right of Access

The right for a consumer to access the information collected about a consumer from a business and/or that has been shared with third parties

This does not impact marketers directly, but does expose them to reputation risk if sensitive data is being shared or sold.

Right of Deletion

The right for a consumer to request deletion of personal information about the consumer under certain conditions

Marketers must prove a “chain of custody” where they must demonstrate that the consumer data has been deleted from all systems and 3rd party partner systems. This impacts systems such as Multi-Touch Attribution (“MTA”).

Nondiscrimination/ Data-Use Nondiscrimination

A company should not discriminate against a user who has exercised their privacy rights

Marketers cannot design apps, tools, content access that limit functionality if a user opts-out of data collection & tracking.

Right of Restriction

The right for a consumer to restrict a business’s ability to process personal information about the consumer

Marketers must design databases and platforms that manage restrictions on a consumer level. This impacts systems such as Multi-Touch Attribution (“MTA”).

Right to Opt-Out

The right for a consumer to opt-out of the sale of personal information of the consumer to third parties

Makes it more difficult to track consumers for ad-targeting purposes AND for marketing measurement solutions that use consumer tracking. This impacts systems such as Multi-Touch Attribution (“MTA”).

Private Right of Action

The right for a consumer to seek civil damages from a business for violations of a statute

Makes it increasingly risky for a business to track consumers/compliance with privacy regulations— dangerous for brands’  reputation + financial risks.




Looking for a marketing measurement solution that won’t pose a risk to you (or your brand) due to new consumer privacy laws? OptiMine doesn’t use any PII, cookies, or consumer tracking EVER, making our solution 100% risk-free. Contact us today to learn more!