By Jason M. Schwent, Senior Counsel, Clark Hill
Modeled in part on the expansive European Union’s General Data Protection Regulations (GDPR) which went into effect in 2018, state consumer privacy laws push companies to be more open with the public about their collection, use, and sharing of information they collect. Since 2018, the number of state consumer data privacy laws has quickly increased. Following the GDPR lead, states, again starting with California and the California Consumer Privacy Act, began passing comprehensive consumer data privacy regulations aimed at giving consumers increased rights in and to the information they provide to companies. Similar bills have now been passed in Colorado, Utah, Virginia, Connecticut and have been updated in California with the California Privacy Rights Act of 2020. In the past year alone, legislatures in the states of Iowa, Indiana, Tennessee, Montana, Florida, and Texas have each passed more comprehensive state consumer data privacy laws with more laws contemplated in even more states.
These state consumer data privacy laws require companies to provide information to the public about the information they collect, why they collect that information, what they do with the information, with whom they share that information, if they sell that information, how they protect that information, and when they delete that information. These statutes also provide the public with certain rights concerning the data that is collected from them by companies, including the right know what information is collected, to delete information, to prevent the sale of information, to correct erroneous information, and to transfer their information to another business. Regulations mandate that this information is required to be provided to the public prior to or at the time the information is collected.
There is no reason to believe that the regulatory wave of comprehensive state consumer data privacy laws is going to do anything but increase. So it is imperative that companies carefully consider their website privacy policies now, and moving forward.
The views and opinions expressed in the article represent the views of the author and not necessarily the official view of Clark Hill PLC. Nothing in this article constitutes professional legal advice nor is it intended to be a substitute for professional legal advice.
About the Author
Jason M. Schwent is Senior Counsel at Clark Hill, an international law firm. He is experienced in data privacy, intellectual property, and litigation making him a fierce advocate for his clients. His passion for protecting clients’ assets is evident whether negotiating a complicated enterprise software agreement with a Fortune 100 company or counseling a client following a data breach that exposed millions of users’ data,
Jason can be reached online at email@example.com and at our company website http://www.clarkhill.com/