Partner
About twenty States around the country have enacted some version of a consumer data privacy or protection statute. Six such statutes were enacted in 2024, with another six slated for legislative action going into the next year. When a new consumer data protection statute is passed for consumers and businesses, among the first questions asked is whether the data protections are strong or weak. In general, business interests resist these types of statutes and regulations, while consumers want more and enhanced protections for their data. There is always a heated legislative debate to shape the statute itself, and business interests often succeed in weakening the protections. Business interests have also successfully gotten one proposed data protection statute vetoed by the State’s Governor (New Hampshire). See the media report here.
To be honest, these consumer data privacy/protection statutes are now a bit “cookie-cutter.” That is, it is very clear that a statutory template is being used when State Legislatures begin to consider enacting new statutes. There are obvious reasons why this sort of formulaic approach to lawmaking can be bad. However, on the plus side, template-style statutes make it easier to compare and contrast the statutes. This then provides a somewhat easy method of determining if a consumer data privacy statute is “strong” or “weak” — this might also be termed “business friendly” or “consumer friendly.”
For example, one hotly debated issue concerns how “consent” is defined. In all of these statutes, for certain types of data processing and other activities — such as selling/sharing data or processing data for purposes of targeted advertising — controllers of data are required to obtain a consumer’s “consent.” A “business friendly” (or “weak”) consumer data privacy statute will contain a vague definition of “consent” that, ultimately, allows businesses (and regulators) to deem consent to exist through so-called negative actions. A “negative action” is when the consumer does nothing, and that is deemed a form of consent. The Iowa Act Concerning Consumer Data Protection provides a good example:
“6. “Consent” means a clear affirmative act signifying a consumer’s freely given, specific, informed, and unambiguous agreement to process personal data relating to the consumer. “Consent” may include a written statement, including a statement written by electronic means, or any other unambiguous affirmative action.”
Legally, doing nothing is deemed in many cases to be an “affirmative action.” This definition of “consent” is very weak compared to other similar statutes. Thus, from just this one example, we can rightly determine that the Iowa statute is “business-friendly.”
On the other hand, we see a vivid contrast in the definition of “consent” in the Maryland Online Data Privacy Act (“MODPA”). The MODPA defines consent as follows:
“G) “Consent” means a clear affirmative act signifying a consumer’s freely given, specific, informed, and unambiguous agreement to allow the processing of personal data relating to the consumer for a particular purpose. “Consent” includes: (i) a written statement; (ii) a written statement by electronic means (iii) or any other unambiguous affirmative action.
“Consent does not include: (i) acceptance of a general or broad terms of use or similar document that contains descriptions of personal data processing along with other unrelated information; (ii) hovering over, muting, pausing, or closing a piece of consent; or (iii) agreement obtained through the use of dark patterns.”
From this definition, we can rightly see that the Maryland statute is “consumer friendly.”
There are a number of other issues which can be used to identify “strong” and “weak” data protection statutes. These include:
Contact the Consumer Data Privacy and Compliance Attorneys at Revision Legal
For more information, contact the experienced Consumer Data Privacy and Compliance Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.
Online affiliate marketing is big business now. Affiliate marketing, of course, has been around for a long time. Basically, a business or a person agrees to promote and recommend a product, a brand of products, or even a whole business in exchange for various things of value. Generally, the affiliate does not actually sell the […]
Read more about The Dos and Don’ts of Online Affiliate Marketing
Yes, as long as the proposed trademark meets the other requirements for registration. U.S. trademark laws do not require that only the English language can be used for trademarks. However, whatever the language, trademarks must meet the legal requirements, including functionality, distinctiveness, uniqueness, etc. For example, every trademark must function as a trademark in that […]
Read more about Can I Trademark a Non-English Word or Phrase in the U.S.?
In a new ruling, a California federal judge has declared the entirety of California’s Age-Appropriate Design Code Act (“CAADCA”) to be unconstitutional. Cal. Civ. Code §§ 1798.99.28 et seq. See media report here and the Opinion here. The case is Netchoice, LLC. v. Bonta, Case No. 22-cv-08861-BLF (US N.Dist. Cal, March 13, 2025). The CAADCA […]
Read more about California’s Age-Appropriate Design Code Act Declared Wholly Unconstitutional