Tennessee Information Protection Act: What Consumer Rights are Protected? featured image

Tennessee Information Protection Act: What Consumer Rights are Protected?

by John DiGiacomo

Partner

Internet Law

As discussed in related articles on our website, in May 2023, Tennessee enacted its version of a consumer data/information protection statute called the Tennessee Information Protection Act (“TIPA”). As of late 2023, about eleven States have enacted consumer data/information privacy statutes, and about a dozen more are contemplating such statutes. Revision Legal has written a number of articles related to those statutes. In this article, the Internet and Consumer Privacy Compliance lawyers at Revision Legal provide a summary of what consumer rights are protected by the TIPA.

To offer a brief summary, the TIPA is typical of similar statutes in this respect. The general framework is about providing various rights to consumers, requiring that consumers receive various notices and requiring the obtaining of consumer consent for various actions by data controllers and processors, including the use of personal data for targeted advertising and profiling.

What Rights are Protected?

The list of consumer data/information rights that are protected by the TIPA are typical of those protected by similar statutes. These include the right to know, to delete and correct information, the right to consent and portability. In particular, the TIPA gives consumers the right to:

  • Know whether a controller is processing the consumer’s data — “processing” includes the idea of “collecting”
  • Know what data is currently held by a controller/processor
  • Know why data is collected and processed — that is, to know the “business purposes” for which the data is being processed
  • To access that data and to obtain a portable copy of said data
  • To request correction of inaccuracies in the personal data
  • To require the deletion of personal data
  • To “opt out” of having personal data collected and processed for purposes of the sale/sharing of said data, targeting advertising, or profiling — note that the TIPA does not require controllers to recognize or obey universal opt-out mechanisms.
  • To not be retaliated against for exercising one’s rights

This is the standard list with nothing notable added or omitted. In addition, the TIPA mandates an appeal procedure if data controllers refuse requests by consumers such as the request to correct or delete data/information.

What are the Exceptions and Carve-Outs?

The “wiggle-room” for these consumer privacy statutes is found in the definitions of what “data” is covered and the various exceptions, carve-outs and what type of entities are exempt.

As we noted in another article related to the TIPA, the TIPA can be deemed a “business-friendly” version of these consumer rights statutes. Consistent with this, excluded data includes any collection/processing of data where the “consumer” is engaged in business or employment-related activity. Thus, no data protection for your job application, for example. The TIPA also excludes any data that is considered pseudonymous. This is data that can be recombined with other data, with minimal processing, to specifically identify natural persons. This means that, under the TIPA, a set of pseudonymous data can be sold (without notice or consent) to a third party, which can be combined with other data sets to reveal the customer’s identity. This is a notable divergence from similar statutes. Other exclusions related to data are standard, such as the exclusion of data that is collected and processed pursuant to various federal statutes, health data, etc.

The TIPA also has an exemption for state-licensed insurance companies (another notable diversion from similar statutes). Other entity exemptions are the typical ones like those for government agencies, financial institutions, not-for-profit organizations, those engaged in research, etc.

Contact the Consumer Data Privacy and Compliance Attorneys at Revision Legal

For more information, contact the experienced Consumer Data Privacy and Compliance Lawyers at Revision Legal. You can contact us through the form on this page or call (855) 473-8474.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side

Let's Discuss Your Case