DON’T BE EXPOSED ON DATA PRIVACY

By Tony Cline

Data privacy is a hot topic in the worlds of business and government. Around the world, more and more governments are developing data privacy laws that apply to those who conduct online business within their borders, even if the business is located outside those borders. The European Union has one of the most well-known and strictest data privacy laws known as GDPR. China, Canada, and Brazil, among others, have their own versions of a data privacy law. Some laws require specific information to be included in the website’s privacy policy, limits on what data the company may collect, with whom it may be shared and under what circumstances, and the consumer’s right to know, access, and correct or erase that data. Failure to adhere to these laws can result in very large fines.

In the United States, the only federal statute on the topic is the Children’s Online Privacy Protection Act (“COPPA”). COPPA is targeted at protecting children younger than 13-years-old from having their information collected, their activities tracked, and from being targeted in online advertising without parental consent. California was the first state to create its own data privacy law when the California Consumer Protection Act took effect in 2020. Colorado, Connecticut, Utah, and Virginia all have their own data privacy laws taking effect in 2023. These state statutes go beyond COPPA’s focus on children’s online data and extends protections to the data of all adults. These statutes variously enact restrictions on the collection of sensitive data, sharing of consumer data, and use of such data to profile consumers for advertising purposes. The laws also enshrine several shareholder rights, including the right to correct or erase the information collected, and they institute requirements on websites’ privacy policies.

Because it is likely that states will continue to legislate in this area, businesses can expect a complex regulatory environment if their websites collect consumer data. Consumer data includes information as simple as email or addresses. Violating the laws can lead to very high fines and other penalties. In order to make sure that your company is following all of the applicable laws on data privacy, contact Jesson & Rains PLLC and put our legal team to work for you.