There has been an important shift in the digital landscape that we want to help raise awareness about. That shift is the patchwork of state-level legislation that has been passed around consumer data protection and privacy. These policies are important to your business because they not only impact the information you disclose on data collection for targeted advertising in the privacy policy on your site – they also require you to provide an opt-out solution for targeted advertising.

 

Overview of Privacy Laws by State

To get started, here’s a quick list of privacy legislation listed by the date it is scheduled to go into effect and the state in which it applies.

Below are the states with new Privacy Laws that have gone into effect in 2023.

• Virginia Consumer Data Protection Act (VCDPA), effective January 1, 2023
• California Privacy Rights Act (CPRA), effective January 1, 2023
• Colorado Privacy Act (CPA), effective July 1, 2023
• Connecticut SB6, effective July 1, 2023
• Utah Consumer Privacy Act (UCPA), effective December 31, 2023

In addition, these states have new Privacy Laws that will go into effect in the future.

• Texas Data Privacy and Security Act (TDPSA), effective July 1, 2024
• Montana Consumer Data Privacy Act (MCDPA), effective October 1, 2024
• Tennessee Information Protection Act (TIPA), effective July 1, 2025
• Iowa SF262, effective January 1, 2026
• Indiana SB5, effective July 1, 2026

While the laws vary by state, there are some commonalities that are emerging. What we’ve noticed in reviewing these policies is that in most cases, companies are subject to these new laws if they meet the following criteria:

• Have an annual gross revenue that exceeds $25,000,000.
• Control or process the personal data of 100,000 or more state residents.
• Control or process the personal data of 25,000 or more state residents AND derived 25%-50% or more of their gross revenue from the sale of personal data.

 

Possible Solutions for Marketing & Legal Teams to Explore

Therefore, if your company meets the criteria listed above, you’ll want to conduct further research and possibly consult with your legal counsel to determine what, if any, policies and processes need to change within your company and marketing technology configuration. We’ve listed a few examples of the the solutions you may want to explore below:

• Cookie Consent Solution, that allows users to opt out of targeted ads on your website.
• Review your Privacy Policy to ensure it is up-to-date.
• Review your current data collection practices to ensure you’re not exceeding the numbers listed in the above criteria.

 

Privacy Policy Tools/Generators

Lastly, with the shifting privacy landscape at home and abroad, several businesses have been created that focus specifically on solving this problem. To help you get started, we’ve created a list of some of those companies below.  And, some of them offer their services for as low as $100/year. Criteria you may want to use when evaluating these companies are 

1. Customization – Do they have a solution that works for the unique needs of your company?
2. Monitoring/Service Area – Do they cover international laws?  How frequently do they make updates?
3. Notification – How will you be notified of the updates they make to your privacy policy?

Termageddon

GetTerms.io

Iubenda

Termly

Hopefully this overview helps you initiate those important privacy conversations within your organization. If you have any questions on how data is currently being used in your advertising campaigns, KOSE is happy to join those conversations.

 

Disclaimer:  We are not lawyers, and the information provided should not be construed as legal advice. The responses and information shared are based on general knowledge and should not be considered a substitute for professional legal guidance. If you require legal advice or have specific concerns, it is recommended to consult with a qualified attorney or legal professional who can provide you with tailored advice based on your unique circumstances.