2024 US Data Privacy Laws: Key Updates and Changes

UniConsent

6 min read
Inhaltsverzeichnis

2024 US Data Privacy Laws: Key Updates and Changes2024 US Data Privacy Laws: Key Updates and Changes

A Brief Time line

On June 21, 2022, the American Data Privacy and Protection Act (ADPPA) was introduced. The ADPPA received enough bipartisan backing to generate genuine optimism for the passage of a federal privacy law.

The ADPPA never made it to the House floor, though. In 2023, the privacy landscape saw the enactment of numerous comprehensive state data privacy laws across various jurisdictions, requiring businesses to evaluate each law individually for specific compliance requirements and consumer rights.

In April 2024, The American Privacy Rights Act (APRA), announced. By Jul 2024, additional states had enacted similar laws, and as regulatory authorities developed, enforcement actions and settlements increased. Consequently, businesses needed to prioritize compliance with data privacy laws.

Additionally, AI experienced significant growth in technology, adoption, proposed regulations, enforcement, and an Executive Order from President Biden, with further expansion of AI policies and regulations expected at the state level.

Enacted and Upcoming State Data Privacy Laws

On December 31, 2023, Utah's Consumer Privacy Act (UCPA) went into effect. This law applied to businesses with at least US$25 million in annual revenue that either (a) controlled or processed the personal information of 100,000 or more Utah consumers in a calendar year, or (b) derived more than 50 percent of their gross revenue from the sale of personal information and controlled or processed the personal information of 25,000 or more Utah consumers. Despite the 30-day cure period provided by the law, businesses were encouraged to fulfill their compliance obligations before the end of the year.

Four new state consumer privacy laws are scheduled to take effect in 2024 as APRA works to exit the committee.

On July 1, 2024, Florida's Digital Bill of Rights, Oregon's Consumer Privacy Act, and Texas' Data Privacy and Security Act went into effect.

On October 1, 2024, Montana's Consumer Data Privacy Act will come into effect.

Here are the chart that track the U.S state data privacy legislation:

STATELAW SIGNEDEFFECTIVE FROM
CALIFORNIACALIFORNIA CONSUMER PRIVACY ACTJAN. 1, 2020
COLORADOCOLORADO PRIVACY ACTJUL. 1, 2023
CONNECTICUTCONNECTICUT DATA PRIVACY ACTJUL. 1, 2023
DELAWAREDELAWARE PERSONAL DATA PRIVACY ACTJAN. 1, 2025
INDIANAINDIANA CONSUMER DATA PROTECTION ACTJAN. 1, 2026
IOWAIOWA CONSUMER DATA PROTECTION ACTJAN. 1, 2025
KENTUCKYKENTUCKY CONSUMER DATA PROTECTION ACTJAN. 1, 2026
MARYLANDMARYLAND ONLINE DATA PRIVACY ACTOCT. 1, 2025
MINNESOTAMINNESOTA CONSUMER DATA PRIVACY ACTJUL. 31, 2025
MONTANAMONTANA CONSUMER DATA PRIVACY ACTOCT. 1, 2024
NEBRASKANEBRASKA DATA PRIVACY ACTJAN. 1, 2025
NEW HAMPSHIRENEW HAMPSHIRE PRIVACY ACTJAN. 1, 2025
NEW JERSEYNEW JERSEY DATA PRIVACY ACTJAN. 15, 2025
OREGONOREGON CONSUMER PRIVACY ACTJUL. 1, 2024
TENNESSEETENNESSEE INFORMATION PROTECTION ACTJUL. 1, 2025
TEXASTEXAS DATA PRIVACY & SECURITY ACTJUL. 1, 2024
UTAHUTAH CONSUMER PRIVACY ACTDEC. 31, 2023
VIRGINIAVIRGINIA CONSUMER DATA PROTECTION ACTJAN. 1, 2023

Enforcement

Since 2023, regulatory authorities initiated enforcement sweeps and inquiries to ensure compliance.

On the federal level, the FTC took action against several businesses for issues including data breaches, unfair and deceptive disclosures related to the sharing of health data, failure to obtain parental consent for collecting children's data, and the use of dark patterns concerning children's privacy.

At the state level, California's Attorney General sent inquiries to certain employers regarding their processing of employee personal information, and the CPPA began reviewing the data privacy practices of connected vehicle manufacturers and related technologies. Similarly, Colorado's Attorney General sent inquiries to entities concerning their processing of sensitive data.

Basic Data Privacy Principles

  • Right to Access: Consumers can view the data a business collects about them and see which third parties it is shared with.
  • Right to Rectification: Consumers can ask for corrections to any inaccurate or outdated personal data.
  • Right to Erasure: Consumers can request that their personal data be deleted.
  • Right to Restrict Processing: Consumers can limit how businesses process their data.
  • Right to Data Portability: Consumers can request their data in a commonly used format.
  • Right to Opt-Out: Consumers can choose to prevent their data from being sold to third parties.

Use UniConsent to Manage the State Privacy Laws

UniConsent's Consent Management Platform (CMP), assist U.S. organizations in addressing these concerns while finding the right balance between reducing operational complexity and maintaining the flexibility needed to optimize their data practices.

If you wish to manage these laws yourself, here are a few reminders for businesses to consider in light of the constantly evolving U.S. data privacy landscape:

  • Perform Data Mapping Exercises: Ensure that data collection, sharing, and processing practices comply with new requirements and remain consistent.
  • Review External Privacy Policies: Confirm that all appropriate disclosures are included, accurate, and account for consumer rights under applicable laws.
  • Implement Opt-Out Preference Signals: Recognize and implement opt-out preferences for websites in states where these obligations will become effective in 2024, as applicable.
  • Conduct Data Protection Impact Assessments (DPIA): Perform DPIAs on personal information processing as required by applicable laws, or ensure existing DPIAs comply with relevant laws. Consider all relevant factors, such as the use of sensitive information and ADMT.
  • Review Use of Artificial Intelligence Tools: Align with published frameworks on privacy, such as the Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, The White House's Blueprint for an AI Bill of Rights, and NIST's Artificial Intelligence Risk Management Framework. Understand all model inputs and outputs, ensure data and IP compliance, establish an internal AI policy for employee use, review external AI statements for accuracy and transparency, and integrate privacy, bias, ethics, and safety reviews into AI products.

About UniConsent

UniConsent CMP is a globally recognized and certified Consent Management Platform (CMP) catering to leading publishers and serving tens of millions of users daily. By providing a seamless privacy experience, UniConsent CMP helps businesses navigate the post-GDPR era and meet the evolving demands of data protection regulations. Contact us to learn more: hello@uniconsent.com

Activate Google Consent Mode UniConsent to enhance the accuracy of your Google Analytics and Google Ads conversion data.

Set up Google Consent Mode →

Beginnen Sie damit, Ihre Website und Anwendung gemäß EU-DSGVO, US-CPRA, CA-PIPEDA usw. konform zu machen

Registrieren

Ressourcen für die Einwilligungsmanagement-Plattform

Beginnen Sie damit, Ihre Website und Anwendung gemäß EU-DSGVO, US-CPRA, CA-PIPEDA usw. konform zu machen

Registrieren