On February 16, 2025 By newsroom Topic: Technology Buyers Guide
Understanding the state of digital privacy laws in the U.S. and what it means for you.
States with Privacy Laws:
- Only 18 states have enacted digital privacy laws.
- Most laws grant baseline rights:
- Access to your data.
- Deletion of your data upon request.
- Opt-out of targeted ads and data sharing.
- Some require companies to conduct risk assessments.
Key Weaknesses:
- Many laws are criticized for being too lenient, offering limited consumer protection.
- Most focus on post-collection consumer action (e.g., opting out) rather than restricting initial data collection.
Data Minimization:
- Companies should only collect data necessary for the service you requested (e.g., a flashlight app shouldn’t access your location).
- Currently, Maryland leads with strong data minimization requirements.
Universal Opt-Out Mechanisms:
- Tools like Global Privacy Control automatically signal your preferences to websites.
- Only 12 states mandate companies to honor these signals.
Authorized Agents:
- Allow third parties to manage your privacy rights (e.g., telling companies to delete or not sell your data).
- Two-thirds of states with privacy laws permit this.
Consumer Enforcement Rights:
- Only California allows private lawsuits for privacy breaches (and only for security incidents).
- Advocates push for broader private rights of action to empower consumers.
Narrow Definitions of Data Sales:
- Some laws exclude exchanges of data for non-monetary benefits, allowing companies to bypass restrictions.
Exemptions for "Pseudonymous Data":
- Loopholes for anonymized data often fail since identifiers like IP addresses can still reveal identities.
Industry-Specific Gaps:
- Sectors like healthcare and finance rely on outdated laws like HIPAA and Gramm-Leach-Bliley, leaving ambiguities.
Small Business Exemptions:
- Many laws exempt small businesses, despite their significant role in the data economy.
Enforcement Issues:
- Most laws rely on underfunded state attorneys general for enforcement, resulting in few actions against violators.
Stronger State Laws:
- Connecticut’s model includes universal opt-out and authorized agent provisions.
- Maryland’s law (2023):
- Robust data minimization.
- Protections for sensitive data (e.g., race, religion, health).
- Civil rights elements to prevent discriminatory use of data.
California’s Role:
- California Consumer Privacy Act (CCPA): Pioneered state-level privacy protections.
- Newer laws, like Maryland’s, seek to expand on California’s model.
Adjust Smartphone Settings:
- Limit GPS tracking and app permissions.
Enable Browser Privacy Features:
- Use secure browsers or privacy-protecting extensions.
Use Privacy Tools:
Be Proactive:
- Regularly review app and website privacy policies.
- Opt out of unnecessary data collection whenever possible.
While state laws are evolving, many still leave consumers vulnerable. Advocating for robust protections like data minimization, universal opt-outs, and stronger enforcement is crucial. In the meantime, individual steps can help safeguard your personal data.
