In the constantly changing and confusing world of consumer privacy laws, it is more important than ever for businesses to evaluate and reevaluate their collection and use of personal data. There is currently no comprehensive federal consumer privacy law, but as the first quarter of 2024 comes to a close, comprehensive state consumer privacy laws have gone into effect in California, Colorado, Connecticut, Virginia and Utah. Three more states – Texas, Oregon and Montana – have enacted privacy laws that go into effect in 2024, and six states – Delaware, Iowa, New Hampshire, New Jersey, Tennessee and Indiana – have enacted privacy laws going into effect in 2025 and 2026. Seventeen additional states have active privacy law bills and are likely to pass their own privacy laws within the years to come. What this means is that consumer privacy laws are here to stay, and companies who conduct business in the United States cannot ignore their obligations under these laws. Any business that collects personal data from residents of these states may need to comply with these laws, regardless of where that business is located.
Starting in 2023, several new privacy laws go into effect in California, Virginia, Colorado, Connecticut, and Utah. These laws apply not only to businesses based in those states but to any business that meets certain thresholds and collects, stores, or processes personal information from any residents in those states. Penalties for non-compliance with these laws can be steep.
Intellectual Property partner Mary Grieco was quoted in a recent Law360 article (subscription required) on the prevalence of recent federal and state laws, like California’s Consumer Privacy Act and a U.S. Senate proposal to create a national “Do Not Track” registry, designed to increase the public’s control over the use and sale of its personal information.
Andrew Lustigman is quoted by Bloomberg BNA on Google's privacy policy
App developers on the Google Play market received warning letters from the FTC