Data Privacy Laws: What You Need to Know in 2024

<!doctype html><html lang="en"><head> <meta charset="utf-8"> <title>Data Privacy Laws: What You Need to Know in 2024 | Osano</title> <link rel="shortcut icon" href="https://www.osano.com/hubfs/v2/icons/favicon/ms-icon-310x310.png"> <meta name="description" content="States and countries are rapidly enacting data privacy laws. Learn about new laws and how they might impact your business operations in 2024 and beyond."> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta property="og:description" content="States and countries are rapidly enacting data privacy laws. Learn about new laws and how they might impact your business operations in 2024 and beyond."> <meta property="og:title" content="Data Privacy Laws: What You Need to Know in 2024"> <meta name="twitter:description" content="States and countries are rapidly enacting data privacy laws. Learn about new laws and how they might impact your business operations in 2024 and beyond."> <meta name="twitter:title" content="Data Privacy Laws: What You Need to Know in 2024"> <style> a.cta_button{-moz-box-sizing:content-box !important;-webkit-box-sizing:content-box !important;box-sizing:content-box !important;vertical-align:middle}.hs-breadcrumb-menu{list-style-type:none;margin:0px 0px 0px 0px;padding:0px 0px 0px 0px}.hs-breadcrumb-menu-item{float:left;padding:10px 0px 10px 10px}.hs-breadcrumb-menu-divider:before{content:'›';padding-left:10px}.hs-featured-image-link{border:0}.hs-featured-image{float:right;margin:0 0 20px 20px;max-width:50%}@media (max-width: 568px){.hs-featured-image{float:none;margin:0;width:100%;max-width:100%}}.hs-screen-reader-text{clip:rect(1px, 1px, 1px, 1px);height:1px;overflow:hidden;position:absolute !important;width:1px} </style> <link rel="stylesheet" href="https://www.osano.com/hs-fs/hub/4785246/hub_generated/template_assets/107540355660/1728402644863/Osano/css/main.min.css"> <link rel="stylesheet" href="https://www.osano.com/hs-fs/hub/4785246/hub_generated/template_assets/107541060353/1715363946157/Osano/css/templates/blog.min.css"> <link rel="stylesheet" href="https://www.osano.com/hs-fs/hub/4785246/hub_generated/module_assets/112224055108/1706649595039/module_112224055108_Announcement_Bar.min.css"> <link rel="stylesheet" href="https://www.osano.com/hs-fs/hub/4785246/hub_generated/module_assets/111415423003/1727864669955/module_111415423003_Header.min.css"> <link rel="stylesheet" href="https://www.osano.com/hs-fs/hub/4785246/hub_generated/module_assets/113269451948/1728404785229/module_113269451948_Hero_-_Blog_Detail.min.css"> <link rel="stylesheet" href="https://www.osano.com/hs-fs/hub/4785246/hub_generated/module_assets/112722358402/1706649589141/module_112722358402_Blog_Form.min.css"> <link rel="stylesheet" href="https://www.osano.com/hs-fs/hub/4785246/hub_generated/module_assets/113754010995/1706649588699/module_113754010995_Blog_Detail_-_Special_Modules.min.css"> <link rel="stylesheet" href="https://www.osano.com/hs-fs/hub/4785246/hub_generated/module_assets/113797666745/1725026884546/module_113797666745_Blog_-_Latest_Articles.min.css"> <link rel="stylesheet" href="https://www.osano.com/hs-fs/hub/4785246/hub_generated/module_assets/113743004473/1706649588360/module_113743004473_Blog_Detail_-_Conversion_Panel.min.css"> <link rel="stylesheet" href="https://www.osano.com/hs-fs/hub/4785246/hub_generated/module_assets/107544076640/1706649594681/module_107544076640_Site_Footer.min.css"> <style> @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-500-MediumItalic.woff") format("woff"); font-display: swap; font-weight: 500; font-style: italic; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-100-HairlineItalic.woff") format("woff"); font-display: swap; font-weight: 200; font-style: italic; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-900-Black.woff") format("woff"); font-display: swap; font-weight: 900; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-800-HeavyItalic.woff") format("woff"); font-display: swap; font-weight: 800; font-style: italic; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-700-BoldItalic.woff") format("woff"); font-display: swap; font-weight: 700; font-style: italic; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-700-Bold.woff") format("woff"); font-display: swap; font-weight: 700; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-500-Medium.woff") format("woff"); font-display: swap; font-weight: 500; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-600-Semi.woff") format("woff"); font-display: swap; font-weight: 600; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-900-BlackItalic.woff") format("woff"); font-display: swap; font-weight: 900; font-style: italic; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-300-LightItalic.woff") format("woff"); font-display: swap; font-weight: 300; font-style: italic; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-400-BookItalic.woff") format("woff"); font-display: swap; font-weight: 400; font-style: italic; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-400-Book.woff") format("woff"); font-display: swap; font-weight: 400; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-100-Hairline.woff") format("woff"); font-display: swap; font-weight: 200; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-200-ThinItalic.woff") format("woff"); font-display: swap; font-weight: 100; font-style: italic; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-800-Heavy.woff") format("woff"); font-display: swap; font-weight: 800; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-300-Light.woff") format("woff"); font-display: swap; font-weight: 300; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-200-Thin.woff") format("woff"); font-display: swap; font-weight: 100; } @font-face { font-family: "Jost"; src: url("https://www.osano.com/hubfs/Jost-600-SemiItalic.woff") format("woff"); font-display: swap; font-weight: 600; font-style: italic; } </style> <script type="application/ld+json"> { "mainEntityOfPage" : { "@type" : "WebPage", "@id" : "https://www.osano.com/articles/data-privacy-laws" }, "author" : { "name" : "Osano Staff", "url" : "https://www.osano.com/articles/author/staff", "@type" : "Person" }, "headline" : "Data Privacy Laws: What You Need to Know in 2024", "datePublished" : "2024-08-12T12:17:00.000Z", "dateModified" : "2024-09-24T10:08:35.759Z", "publisher" : { "name" : "Osano, Inc.", "logo" : { "url" : "https://www.osano.com/hubfs/assets/logos/logo_default.png", "@type" : "ImageObject" }, "@type" : "Organization" }, "@context" : "https://schema.org", "@type" : "BlogPosting", "image" : [ "https://www.osano.com/hubfs/Data%20Privacy%20Laws%20%281%29.png" ] } </script> <meta charset="UTF-8"> <meta name="referrer" content="same-origin"> <meta http-equiv="Content-Security-Policy" content="default-src data: https:; script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src blob: https:; object-src 'none'; style-src data: 'unsafe-inline' https:; img-src data: https:; media-src data: https: blob:; frame-src https:; font-src data: https:; connect-src data: https:"> <meta name="referrer" content="strict-origin-when-cross-origin"> <meta name="msapplication-TileColor" content="%23ffffff"> <meta name="msapplication-TileImage" content="https://www.osano.com/hubfs/v2/icons/favicon/ms-icon-144x144.png"> <meta name="theme-color" content="%23ffffff"> <link rel="apple-touch-icon" sizes="57x57" href="https://www.osano.com/hubfs/v2/icons/favicon/apple-icon-57x57.png"> <link rel="apple-touch-icon" sizes="60x60" href="https://www.osano.com/hubfs/v2/icons/favicon/apple-icon-60x60.png"> <link rel="apple-touch-icon" sizes="72x72" href="https://www.osano.com/hubfs/v2/icons/favicon/apple-icon-72x72.png"> <link rel="apple-touch-icon" sizes="76x76" href="https://www.osano.com/hubfs/v2/icons/favicon/apple-icon-76x76.png"> <link rel="apple-touch-icon" sizes="114x114" href="https://www.osano.com/hubfs/v2/icons/favicon/apple-icon-114x114.png"> <link rel="apple-touch-icon" sizes="120x120" href="https://www.osano.com/hubfs/v2/icons/favicon/apple-icon-120x120.png"> <link rel="apple-touch-icon" sizes="144x144" href="https://www.osano.com/hubfs/v2/icons/favicon/apple-icon-144x144.png"> <link rel="apple-touch-icon" sizes="152x152" href="https://www.osano.com/hubfs/v2/icons/favicon/apple-icon-152x152.png"> <link rel="apple-touch-icon" sizes="180x180" href="https://www.osano.com/hubfs/v2/icons/favicon/apple-icon-180x180.png"> <link rel="icon" type="image/png" sizes="192x192" href="https://www.osano.com/hubfs/v2/icons/favicon/android-icon-192x192.png"> <link rel="icon" type="image/png" sizes="32x32" href="https://www.osano.com/hubfs/v2/icons/favicon/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="96x96" href="https://www.osano.com/hubfs/v2/icons/favicon/favicon-96x96.png"> <link rel="icon" type="image/png" sizes="16x16" href="https://www.osano.com/hubfs/v2/icons/favicon/favicon-16x16.png"> <link rel="manifest" href="https://www.osano.com/hubfs/v2/icons/favicon/manifest.json"> <script> window.dataLayer = window.dataLayer ||[]; function gtag(){dataLayer.push(arguments);} gtag('consent','default',{ 'ad_storage':'denied', 'analytics_storage':'denied', 'ad_user_data':'denied', 'ad_personalization':'denied', 'personalization_storage':'denied', 'functionality_storage':'granted', 'security_storage':'granted', 'wait_for_update': 500 }); gtag("set", "ads_data_redaction", true); </script> <link rel="preload" as="script" href="https://cmp.osano.com/2sUBzx7wRdAfu6J2kkS/8e547744-886f-4a9b-a90f-7e96a47aa604/osano.js"><script src="https://cmp.osano.com/2sUBzx7wRdAfu6J2kkS/8e547744-886f-4a9b-a90f-7e96a47aa604/osano.js"></script> <script> var consentStatus = { "ESSENTIAL": "ACCEPT", "ANALYTICS": "DENY", "MARKETING": "DENY", "PERSONALIZATION": "DENY" }; var clearedCookies = false; function clearCookies(o){ if(typeof(o) === "object" && o.ANALYTICS == "DENY" && clearedCookies === false){ var _hsp = window._hsp = window._hsp || []; _hsp.push(['revokeCookieConsent']); var _paq = window._paq = window._paq || []; _paq.push(['disableCookies']); clearedCookies = true; console.log("Cleared Cookies"); } } if(typeof(window.Osano) === "object"){ window.Osano.cm.addEventListener("osano-cm-consent-saved", function (consent) { if(typeof(consent) === "object"){ consentStatus = consent; clearCookies(consent); } }); window.Osano.cm.addEventListener("osano-cm-initialized", function (consent) { if(typeof(consent) === "object"){ consentStatus = consent; clearCookies(consent);}}); } </script> <script> window.hsSetTimeout = window.setTimeout; window.setTimeout = function(func, delay) { if(delay === 99000){ delay = 0; } return window.hsSetTimeout(function() {try {func();} catch (e) {throw e;}}, delay);}; window.hsConversationsSettings = { loadImmediately: false }; window.addEventListener('load', function () { if (window.HubSpotConversations) { onConversationsAPIReady(); } else { window.hsConversationsOnReady = [onConversationsAPIReady]; } }); function onConversationsAPIReady() { window.HubSpotConversations.widget.load(); } </script> <script type="application/ld+json">{"@context": "https://schema.org","@type": "WebSite","url": "https://www.osano.com/","potentialAction": {"@type": "SearchAction","target": "https://www.osano.com/search?term={search_term_string}","query-input": "required name=search_term_string" } }</script> <style>@media print { div#hubspot-messages-iframe-container, .osano-cm-window { display: none!important; } }</style> <style> header { animation: leadinModal-dropin 0.5s; -webkit-animation: leadinModal-dropin 0.5s; -webkit-backface-visibility: hidden; top: 0px; } div.leadinModal.leadinModal-theme-top { z-index: 96; } div.leadinModal.leadinModal-theme-top.leadinModal-hidden { display: block; } div.leadinModal.leadinModal-theme-top.leadinModal-hidden > div.leadinModal-overlay, div.leadinModal.leadinModal-theme-top.leadinModal-hidden > div.leadinModal-content { animation: none; -webkit-animation:none; -moz-animation: none; -o-animation: none; } div.leadinModal.leadinModal-theme-top.leadinModal-closing { animation: leadinModal-dropout 0.5s; -webkit-animation: leadinModal-dropout 0.5s; -webkit-backface-visibility: hidden; } @keyframes bgPulse { 0% { background: inherit; } 40% { background: #7a3ff1; } 50% { background: inherit; } 70% { background: #7a3ff1; } 80% { background: inherit; } } div.leadinModal-theme-top > div.leadinModal-content > div.leadinModal-content-wrapper { animation: bgPulse 5s infinite linear; -webkit-animation: bgPulse 5s infinite linear; } </style> <link rel="amphtml" href="https://www.osano.com/articles/data-privacy-laws?hs_amp=true"> <meta property="og:image" content="https://www.osano.com/hubfs/Data%20Privacy%20Laws%20%281%29.png"> <meta property="og:image:alt" content="world map with cookie consent banner overlaid"> <meta name="twitter:image" content="https://www.osano.com/hubfs/Data%20Privacy%20Laws%20%281%29.png"> <meta name="twitter:image:alt" content="world map with cookie consent banner overlaid"> <meta property="og:url" content="https://www.osano.com/articles/data-privacy-laws"> <meta name="twitter:card" content="summary"> <meta name="twitter:creator" content="@osano"> <link rel="canonical" href="https://www.osano.com/articles/data-privacy-laws"> <style> table { font-size: 1rem; } table > thead > tr { background-color: #37cd8f; color: white; font-weight: bold; text-align: center; } .entry-content table:not(.wp-block-table) th:last-child { border-bottom: 2px solid #dee2e6; } </style> <meta property="og:type" content="article"> <link rel="alternate" type="application/rss+xml" href="https://www.osano.com/articles/rss.xml"> <meta name="twitter:domain" content="www.osano.com"> <meta name="twitter:site" content="@Osano"> <meta http-equiv="content-language" content="en"> <meta name="generator" content="HubSpot"></head> <body> <div class="body-wrapper hs-content-id-13785924636 hs-blog-post hs-blog-id-9895000587" data-page="articles/data-privacy-laws"> <div data-global-resource-path="Osano/templates/partials/header.html"> <header class="header header-main"> <div class="container"> <div class="row mx-0 align-items-center"> <a class="d-inline-flex header__logo" href="https://www.osano.com"> <img src="https://www.osano.com/hubfs/Imported%20images/Logo.svg" alt="Logo" loading="lazy" width="142" height="32" style="max-width: 100%; height: auto;"> </a> <ul class="header__top-menu-wrapper header__menu-wrapper "> <li> <a href="javascript:void(0);" class="open-sub-menu"> <span> Platform </span> <svg xmlns="http://www.w3.org/2000/svg" width="12" height="8" viewbox="0 0 12 8" fill="none"> <path d="M1 1.5L6 6.5L11 1.5" stroke="white" stroke-width="1.66667" stroke-linecap="round" stroke-linejoin="round" /> </svg> </a> <div class="header__submenu-wrapper"> <div class="platform_menu"> <ul> <li class="header__submenu-header hover-arrow "> <h5 class=""> <span> The Osano Platform Overview </span> <svg xmlns="http://www.w3.org/2000/svg" width="13" height="12" viewbox="0 0 13 12" fill="none"> <path d="M1.41699 6H11.917M11.917 6L6.66699 0.75M11.917 6L6.66699 11.25" stroke="white" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round" /> </svg> </h5> <p> Get an overview of the simple, all-in-one data privacy platform </p> <a class="mask-link" href="https://www.osano.com/products"> </a> </li> <div class="platform"> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/header__icon-1.svg" alt="header__icon-1" loading="lazy" width="21" height="20" style="max-width: 100%; height: auto;"> <div> <h5> Cookie Consent </h5> <p> Manage consent for data privacy laws in 50+ countries </p> </div> <a class="mask-link" href="https://www.osano.com/cookieconsent"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/user-square.svg" alt="user-square" loading="lazy" width="24" height="24" style="max-width: 100%; height: auto;"> <div> <h5> Subject Rights Management </h5> <p> Streamline and automate the DSAR workflow </p> </div> <a class="mask-link" href="https://www.osano.com/products/subject-rights"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/marketing/assets/icons/assessments%20primary%20200.svg" alt="assessments primary 200" loading="lazy" width="24" height="24" style="max-width: 100%; height: auto;"> <div> <h5> Assessments </h5> <p> Efficiently manage assessment workflows using custom or pre-built templates </p> </div> <a class="mask-link" href="https://www.osano.com/products/privacy-assessments"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/marketing/assets/icons/Unified%20Consent%20primary%20200.svg" alt="Unified Consent primary 200" loading="lazy" width="24" height="24" style="max-width: 100%; height: auto;"> <div> <h5> Unified Consent & Preference Hub </h5> <p> Streamline consent, utilize non-cookie data, and enhance customer trust </p> </div> <a class="mask-link" href="https://www.osano.com/products/unified-consent-preference-hub"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/marketing/assets/icons/data%20mapping%20primary%20200.svg" alt="data mapping primary 200" loading="lazy" width="24" height="24" style="max-width: 100%; height: auto;"> <div> <h5> Data Mapping </h5> <p> Automate and visualize data store discovery and classification </p> </div> <a class="mask-link" href="https://www.osano.com/products/data-mapping"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/shield-tick.svg" alt="shield-tick" loading="lazy" width="24" height="24" style="max-width: 100%; height: auto;"> <div> <h5> Vendor Privacy Risk Management </h5> <p> Ensure your customers’ data is in good hands </p> </div> <a class="mask-link" href="https://www.osano.com/products/vendor-risk"> </a> </li> </div> </ul> <ul> <li class="header__submenu-header "> <h5 class=""> <span> Features & Integrations </span> </h5> <p> Key Features & Integrations </p> </li> <div class="features"> <li class="header__submenu-list-item"> <div> <h5> Privacy Templates </h5> </div> <a class="mask-link" href="https://www.osano.com/features/privacy-templates"> </a> </li> <li class="header__submenu-list-item"> <div> <h5> GDPR Representative </h5> </div> <a class="mask-link" href="https://www.osano.com/features/gdpr-representative"> </a> </li> <li class="header__submenu-list-item"> <div> <h5> Consult Privacy Team </h5> </div> <a class="mask-link" href="https://www.osano.com/features/privacy-experts"> </a> </li> <li class="header__submenu-list-item"> <div> <h5> Regulatory Guidance </h5> </div> <a class="mask-link" href="https://www.osano.com/features/regulatory-guidance"> </a> </li> <li class="header__submenu-list-item"> <div> <h5> Integrations </h5> </div> <a class="mask-link" href="https://developers.osano.com/integrations/" target="_blank" rel="noopener"> </a> </li> </div> </ul> </div> </div> </li> <li> <a href="javascript:void(0);" class="open-sub-menu"> <span> Solutions </span> <svg xmlns="http://www.w3.org/2000/svg" width="12" height="8" viewbox="0 0 12 8" fill="none"> <path d="M1 1.5L6 6.5L11 1.5" stroke="white" stroke-width="1.66667" stroke-linecap="round" stroke-linejoin="round" /> </svg> </a> <div class="header__submenu-wrapper"> <ul class=" "> <li class="header__submenu-header "> <h5 class=""> <span> By Regulation </span> </h5> </li> <li class="header__submenu-list-item"> <div> <h5> CPRA </h5> <p> Discover how Osano supports CPRA compliance </p> </div> <a class="mask-link" href="https://www.osano.com/solutions/cpra-compliance-software"> </a> </li> <li class="header__submenu-list-item"> <div> <h5> CCPA </h5> <p> Learn about the CCPA and how Osano can help </p> </div> <a class="mask-link" href="https://www.osano.com/solutions/ccpa-compliance-software"> </a> </li> <li class="header__submenu-list-item"> <div> <h5> GDPR </h5> <p> Achieve compliance with one of the world’s most comprehensive data privacy laws </p> </div> <a class="mask-link" href="https://www.osano.com/solutions/gdpr-compliance-software"> </a> </li> </ul> <ul class=" "> <li class="header__submenu-header "> <h5 class=""> <span> By Organization Type </span> </h5> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(10).svg" alt="Icon (10)" loading="lazy" width="23" height="12" style="max-width: 100%; height: auto;"> <div> <h5> Start-Up </h5> <p> Don’t let data privacy compliance get in the way of growth </p> </div> <a class="mask-link" href="https://www.osano.com/solutions/start-up-privacy-software"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(11).svg" alt="Icon (11)" loading="lazy" width="21" height="20" style="max-width: 100%; height: auto;"> <div> <h5> Mid-Sized </h5> <p> Preserve your competitive edge </p> </div> <a class="mask-link" href="https://www.osano.com/solutions/mid-sized-privacy-software"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(12).svg" alt="Icon (12)" loading="lazy" width="23" height="20" style="max-width: 100%; height: auto;"> <div> <h5> Enterprise </h5> <p> Manage data privacy at scale </p> </div> <a class="mask-link" href="https://www.osano.com/solutions/enterprise-privacy-software"> </a> </li> </ul> <ul class=" "> <li class="header__submenu-header "> <h5 class=""> <span> By Use Case </span> </h5> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Path.svg" alt="Path" loading="lazy" width="21" height="22" style="max-width: 100%; height: auto;"> <div> <h5> Consent Management </h5> <p> Manage consent without the complexity </p> </div> <a class="mask-link" href="https://www.osano.com/solutions/consent-management-platform"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(14).svg" alt="Icon (14)" loading="lazy" width="21" height="22" style="max-width: 100%; height: auto;"> <div> <h5> DSAR Automation </h5> <p> Never miss a DSAR deadline again </p> </div> <a class="mask-link" href="https://www.osano.com/products/subject-rights"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(16).svg" alt="Icon (16)" loading="lazy" width="23" height="22" style="max-width: 100%; height: auto;"> <div> <h5> Privacy Program Management </h5> <p> Build and grow an end-to-end privacy program </p> </div> <a class="mask-link" href="https://www.osano.com/solutions/privacy-program-management-software"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(15).svg" alt="Icon (15)" loading="lazy" width="19" height="22" style="max-width: 100%; height: auto;"> <div> <h5> Vendor Risk Management </h5> <p> Regain insight and control over your customers’ data </p> </div> <a class="mask-link" href="https://www.osano.com/products/vendor-risk"> </a> </li> </ul> </div> </li> <li> <a href="javascript:void(0);" class="open-sub-menu"> <span> Resources </span> <svg xmlns="http://www.w3.org/2000/svg" width="12" height="8" viewbox="0 0 12 8" fill="none"> <path d="M1 1.5L6 6.5L11 1.5" stroke="white" stroke-width="1.66667" stroke-linecap="round" stroke-linejoin="round" /> </svg> </a> <div class="header__submenu-wrapper"> <ul class=" reduced-size "> <li class="header__submenu-header "> <h5 class=""> <span> Resources </span> </h5> <p> Key resources on all things data privacy </p> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/book-open-01.svg" alt="book-open-01" loading="lazy" width="24" height="24" style="max-width: 100%; height: auto;"> <div> <h5> Articles </h5> <p> Expert insights on all things privacy </p> </div> <a class="mask-link" href="https://www.osano.com/articles"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(25).svg" alt="Icon (25)" loading="lazy" width="22" height="20" style="max-width: 100%; height: auto;"> <div> <h5> Resource Center </h5> <p> Key resources to further your data privacy education </p> </div> <a class="mask-link" href="https://www.osano.com/resources"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/marketing/assets/icons/hand%20a%20heart%20icon%20primary%20200.svg" alt="hand a heart icon primary 200" loading="lazy" width="23" height="22" style="max-width: 100%; height: auto;"> <div> <h5> Customer Stories </h5> <p> Meet some of the 5,000+ leaders using Osano to transform their privacy programs </p> </div> <a class="mask-link" href="https://www.osano.com/customers"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/marketing/assets/icons/globe%20icon%20primary%20200.svg" alt="globe icon primary 200" loading="lazy" width="21" height="22" style="max-width: 100%; height: auto;"> <div> <h5> U.S. Data Privacy Laws </h5> <p> A guide to data privacy in the U.S. </p> </div> <a class="mask-link" href="https://www.osano.com/us-data-privacy-laws"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/marketing/assets/icons/code%20icon%20primary%20200.svg" alt="code icon primary 200" loading="lazy" width="22" height="20" style="max-width: 100%; height: auto;"> <div> <h5> Product Updates </h5> <p> What's the latest from Osano? </p> </div> <a class="mask-link" href="https://www.osano.com/updates"> </a> </li> </ul> <ul class=" "> <li class="header__submenu-header "> <h5 class=""> <span> Become a Privacy Insider </span> </h5> <p> Data privacy is complex but you're not alone </p> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/marketing/assets/icons/envelope%20icon%20primary%20200.svg" alt="envelope icon primary 200" loading="lazy" width="22" height="18" style="max-width: 100%; height: auto;"> <div> <h5> The Newsletter </h5> <p> Join our weekly newsletter with over 35,000 subscribers </p> </div> <a class="mask-link" href="https://www.osano.com/newsletter"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(17).svg" alt="Icon (17)" loading="lazy" width="16" height="20" style="max-width: 100%; height: auto;"> <div> <h5> The Podcast </h5> <p> Global experts share insights and compelling personal stories about the critical importance of data privacy </p> </div> <a class="mask-link" href="https://www.osano.com/podcast"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/book-open-01.svg" alt="book-open-01" loading="lazy" width="24" height="24" style="max-width: 100%; height: auto;"> <div> <h5> The Book </h5> <p> Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program </p> </div> <a class="mask-link" href="https://www.osano.com/the-privacy-insider-book"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(30).svg" alt="Icon (30)" loading="lazy" width="23" height="20" style="max-width: 100%; height: auto;"> <div> <h5> Events </h5> <p> Upcoming webinars and in-person events designed for privacy professionals </p> </div> <a class="mask-link" href="https://www.osano.com/events"> </a> </li> </ul> <div class="header__navigation-card header__latest-post"> <h4> Latest Blog post </h4> <div class="header__latest-post-content"> <div class="d-flex"> <img class="blog-related-posts__image" src="https://www.osano.com/hs-fs/hubfs/post-summit%20blog.png?width=352&name=post-summit%20blog.png" loading="lazy" width="352" alt="Two professionals discussing" srcset="https://www.osano.com/hs-fs/hubfs/post-summit%20blog.png?width=176&name=post-summit%20blog.png 176w, https://www.osano.com/hs-fs/hubfs/post-summit%20blog.png?width=352&name=post-summit%20blog.png 352w, https://www.osano.com/hs-fs/hubfs/post-summit%20blog.png?width=528&name=post-summit%20blog.png 528w, https://www.osano.com/hs-fs/hubfs/post-summit%20blog.png?width=704&name=post-summit%20blog.png 704w, https://www.osano.com/hs-fs/hubfs/post-summit%20blog.png?width=880&name=post-summit%20blog.png 880w, https://www.osano.com/hs-fs/hubfs/post-summit%20blog.png?width=1056&name=post-summit%20blog.png 1056w" sizes="(max-width: 352px) 100vw, 352px"> </div> <div class="header__latest-post-wrapper"> <h4> It’s Time for Privacy Pros to Make a Strategic Shift </h4> <p> The importance of effective data privacy can no longer be ignored. </p> <span class="btn-inline"> <span> Read Now </span> <svg xmlns="http://www.w3.org/2000/svg" width="14" height="14" viewbox="0 0 14 14" fill="none"> <path d="M1.16699 6.99984H12.8337M12.8337 6.99984L7.00033 1.1665M12.8337 6.99984L7.00033 12.8332" stroke="white" stroke-width="1.66667" stroke-linecap="round" stroke-linejoin="round" /> </svg> </span> </div> </div> <a class="mask-link" href="https://www.osano.com/articles/data-privacy-strategic-shift" target="_blank"></a> </div> </div> </li> <li> <a href="javascript:void(0);" class="open-sub-menu"> <span> Company </span> <svg xmlns="http://www.w3.org/2000/svg" width="12" height="8" viewbox="0 0 12 8" fill="none"> <path d="M1 1.5L6 6.5L11 1.5" stroke="white" stroke-width="1.66667" stroke-linecap="round" stroke-linejoin="round" /> </svg> </a> <div class="header__submenu-wrapper"> <ul class=" "> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Vector.svg" alt="Vector" loading="lazy" width="20" height="20" style="max-width: 100%; height: auto;"> <div> <h5> About Us </h5> <p> The Osano story </p> </div> <a class="mask-link" href="https://www.osano.com/company/about"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(25).svg" alt="Icon (25)" loading="lazy" width="22" height="20" style="max-width: 100%; height: auto;"> <div> <h5> Careers </h5> <p> Become an Osanian and help us build the future of privacy! </p> </div> <a class="mask-link" href="https://www.osano.com/company/careers"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(26).svg" alt="Icon (26)" loading="lazy" width="20" height="21" style="max-width: 100%; height: auto;"> <div> <h5> Contact </h5> <p> We’re eager to hear from you </p> </div> <a class="mask-link" href="https://www.osano.com/company/contact"> </a> </li> </ul> <ul class=" "> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/%EF%83%A3.svg" alt="" loading="lazy" width="19" height="19" style="max-width: 100%; height: auto;"> <div> <h5> Our Pledge </h5> <p> No fines, no penalties </p> </div> <a class="mask-link" href="https://www.osano.com/pledge"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(27).svg" alt="Icon (27)" loading="lazy" width="21" height="22" style="max-width: 100%; height: auto;"> <div> <h5> Data Licensing </h5> <p> Add Osano data privacy ratings and recommendations to your application </p> </div> <a class="mask-link" href="https://www.osano.com/company/data"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(28).svg" alt="Icon (28)" loading="lazy" width="21" height="22" style="max-width: 100%; height: auto;"> <div> <h5> Osano Swag Store </h5> <p> Increase Trust. Stay Compliant. Get Cool Swag. </p> </div> <a class="mask-link" href="https://shop.osano.com" target="_blank" rel="noopener"> </a> </li> </ul> <ul class=" "> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(29).svg" alt="Icon (29)" loading="lazy" width="21" height="21" style="max-width: 100%; height: auto;"> <div> <h5> Press & Media </h5> <p> Inquiries and Osano in the news </p> </div> <a class="mask-link" href="https://www.osano.com/pr"> </a> </li> <li class="header__submenu-list-item"> <img src="https://www.osano.com/hubfs/Imported%20sitepage%20images/Icon%20(30).svg" alt="Icon (30)" loading="lazy" width="23" height="20" style="max-width: 100%; height: auto;"> <div> <h5> Partners & Resellers </h5> <p> Interested in partnering with us? </p> </div> <a class="mask-link" href="https://www.osano.com/company/partners-resellers"> </a> </li> </ul> </div> </li> <li> <a href="https://www.osano.com/plans"> <span> Pricing </span> </a> </li> <li class="header__cta-wrapper ml-auto"> <a class="inline-btn" href="https://my.osano.com/" target="_blank" rel="noopener"> <span> Sign In </span> </a> <a class="primary-btn" href="https://www.osano.com/request/demo"> <span> Book a Demo </span> </a> </li> </ul> <button class="d-xxl-none menu-btn" id="menu-btn"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="20" viewbox="0 0 24 20" fill="none"> <path d="M1.30078 1.9668H22.6341" stroke="#ffffff" stroke-width="2.41667" stroke-linecap="round"></path> <path d="M1.30078 9.96704H22.6341" stroke="#ffffff" stroke-width="2.41667" stroke-linecap="round"></path> <path d="M1.30078 17.967H22.6341" stroke="#ffffff" stroke-width="2.41667" stroke-linecap="round"></path> </svg> </button> </div> </div> </header> <div class="header-divider"></div></div> <main id="main-content" class="body-container-wrapper"> <div class="body-container body-container--blog-post"> <section class="hero-blog-detail hero__dynamic hero-blog-detail_pb"> <div class="hero-blog-detail-wrapper hero__dynamic-padding"> <div class="container"> <div class="col-12 col-xl-8 mx-xl-auto hero-blog-detail__header text-center px-0"> <h5 class="eyebrow form-hero "> Essentials </h5> <h5 class="eyebrow form-hero ml-2 "> EU Privacy Law </h5> <h5 class="eyebrow form-hero ml-2 "> US Privacy Law </h5> <h5 class="eyebrow form-hero ml-2 "> International Privacy Law </h5> <h1 class="hero-blog-detail__heading"> <span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text">Data Privacy Laws: What You Need to Know in 2024</span> </h1> <div class="hero-blog-detail_author"> <img src="https://www.osano.com/hubfs/assets/avatars/Penny-250px.png"> <div> <h5> Osano Staff </h5> <p class="hero-blog-detail_author-update"> Updated: September 24, 2024 </p> <p> Published: August 12, 2024 </p> </div> </div> </div> </div> </div> <div class="hero-blog-detail__image-wrapper container"> <img src="https://www.osano.com/hubfs/Data%20Privacy%20Laws%20%281%29.png" alt="world map with cookie consent banner overlaid"> </div> </section> <div class="container post-content"> <div class="row"> <div class="col-12 col-lg-4"> <div class="blog-detail__sidebar"> <div class="blog-headings-nav"> <h5> In this article </h5> <ul class="blog-headings-list"> </ul> </div> <div class="blog-form-wrapper"> <h3> Sign up for our newsletter </h3> <div> <span id="hs_cos_wrapper_module_168295786820360_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_form" style="" data-hs-cos-general-type="widget" data-hs-cos-type="form"><h3 id="hs_cos_wrapper_form_75702019_title" class="hs_cos_wrapper form-title" data-hs-cos-general-type="widget_field" data-hs-cos-type="text"></h3> <div id="hs_form_target_form_75702019"></div> </span> </div> </div> <div class="post-share d-none d-lg-block"> <h5> Share this article </h5> <ul> <li> <span class="d-flex align-items-center share-clipboard" id="copy-url-btn" data-url="https://www.osano.com/articles/data-privacy-laws"> <span class="tooltip-clipboard">Copy to clipboard</span> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none"> <path d="M10 13C10.4295 13.5742 10.9774 14.0492 11.6066 14.393C12.2358 14.7367 12.9315 14.9411 13.6467 14.9924C14.3618 15.0436 15.0796 14.9404 15.7514 14.6898C16.4231 14.4392 17.0331 14.0471 17.54 13.54L20.54 10.54C21.4508 9.59702 21.9548 8.334 21.9434 7.02302C21.932 5.71204 21.4062 4.45797 20.4791 3.53093C19.5521 2.60389 18.298 2.07805 16.987 2.06666C15.676 2.05526 14.413 2.55924 13.47 3.47003L11.75 5.18003M14 11C13.5706 10.4259 13.0227 9.95084 12.3935 9.60709C11.7643 9.26333 11.0685 9.05891 10.3534 9.00769C9.63822 8.95648 8.92043 9.05966 8.24867 9.31025C7.57691 9.56083 6.9669 9.95296 6.46002 10.46L3.46002 13.46C2.54923 14.403 2.04525 15.666 2.05665 16.977C2.06804 18.288 2.59388 19.5421 3.52092 20.4691C4.44796 21.3962 5.70203 21.922 7.01301 21.9334C8.32399 21.9448 9.58701 21.4408 10.53 20.53L12.24 18.82" stroke="#A8A0B1" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" /> </svg> </span> </li> <li> <a class="podcast-button-hover d-flex align-items-center podcast-share__btn" href="https://twitter.com/intent/tweet?url=https://www.osano.com/articles/data-privacy-laws" target="_blank" rel="noopener"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none"> <path d="M7.55016 21.75C16.6045 21.75 21.5583 14.2468 21.5583 7.74192C21.5583 7.53098 21.5536 7.31536 21.5442 7.10442C22.5079 6.40752 23.3395 5.54432 24 4.55536C23.1025 4.95466 22.1496 5.21544 21.1739 5.3288C22.2013 4.71297 22.9705 3.74553 23.3391 2.60583C22.3726 3.17862 21.3156 3.58267 20.2134 3.80067C19.4708 3.01162 18.489 2.48918 17.4197 2.31411C16.3504 2.13905 15.2532 2.32111 14.2977 2.83216C13.3423 3.3432 12.5818 4.15477 12.1338 5.14137C11.6859 6.12798 11.5754 7.23468 11.8195 8.29036C9.86249 8.19215 7.94794 7.68377 6.19998 6.79816C4.45203 5.91255 2.90969 4.6695 1.67297 3.14958C1.0444 4.2333 0.852057 5.51571 1.13503 6.73615C1.418 7.9566 2.15506 9.02351 3.19641 9.72005C2.41463 9.69523 1.64998 9.48474 0.965625 9.10598V9.16692C0.964925 10.3042 1.3581 11.4066 2.07831 12.2868C2.79852 13.167 3.80132 13.7706 4.91625 13.995C4.19206 14.1932 3.43198 14.2221 2.69484 14.0794C3.00945 15.0575 3.62157 15.913 4.44577 16.5264C5.26997 17.1398 6.26512 17.4807 7.29234 17.5013C5.54842 18.8712 3.39417 19.6142 1.17656 19.6107C0.783287 19.6101 0.390399 19.586 0 19.5385C2.25286 20.9838 4.87353 21.7514 7.55016 21.75Z" fill="#A8A0B1" /> </svg> </a> </li> <li> <a class="podcast-button-hover d-flex align-items-center podcast-share__btn podcast-share__btn--2" href="http://www.linkedin.com/shareArticle?mini=true&url=https://www.osano.com/articles/data-privacy-laws" target="_blank" rel="noopener"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none"> <g clip-path="url(#clip0_400_12823)"> <path d="M22.2234 0H1.77187C0.792187 0 0 0.773438 0 1.72969V22.2656C0 23.2219 0.792187 24 1.77187 24H22.2234C23.2031 24 24 23.2219 24 22.2703V1.72969C24 0.773438 23.2031 0 22.2234 0ZM7.12031 20.4516H3.55781V8.99531H7.12031V20.4516ZM5.33906 7.43438C4.19531 7.43438 3.27188 6.51094 3.27188 5.37187C3.27188 4.23281 4.19531 3.30937 5.33906 3.30937C6.47813 3.30937 7.40156 4.23281 7.40156 5.37187C7.40156 6.50625 6.47813 7.43438 5.33906 7.43438ZM20.4516 20.4516H16.8937V14.8828C16.8937 13.5562 16.8703 11.8453 15.0422 11.8453C13.1906 11.8453 12.9094 13.2937 12.9094 14.7891V20.4516H9.35625V8.99531H12.7687V10.5609H12.8156C13.2891 9.66094 14.4516 8.70938 16.1813 8.70938C19.7859 8.70938 20.4516 11.0813 20.4516 14.1656V20.4516Z" fill="#A8A0B1" /> </g> <defs> <clippath id="clip0_400_12823"> <rect width="24" height="24" fill="white" /> </clippath> </defs> </svg> </a> </li> </ul> </div> </div> </div> <div class="col-12 col-lg-8 blog-post-col"> <article class="blog-post"> <div class="blog-post__body"> <span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text"><p>Virtually every country has enacted some sort of data privacy law to regulate how information is collected, how data subjects are informed, and what control a data subject has over their information once it is transferred. Failure to follow applicable data privacy laws may lead to fines, lawsuits, and even prohibiting a site's use in certain jurisdictions. Navigating these laws and regulations can be daunting, but all website operators should be familiar with data privacy laws that affect their users. </p>  <h2>New and Upcoming Data Privacy Laws in 2024</h2> <p>It's important to remain cognizant of existing data privacy laws, but perhaps you just want to review what's new in 2024 and beyond. Some of these laws are already in effect in 2024, will go into effect this year, or have relevant dates in the future.<a href="#India-DPDPA" rel="noopener"></a></p> <h2><strong><span data-preserver-spaces="true">U.S. Data Privacy Laws</span></strong></h2> <p>Despite numerous proposals over the years, no one comprehensive federal law governs data privacy in the U.S. yet. As of this writing, the <a href="/american-privacy-rights-act-apra" rel="noopener">American Privacy Rights Act</a> has been introduced in Congress. It still faces significant hurdles before it can ultimately be enacted into law, however.</p> <p>In the meantime, however, individual states have acted rather than wait on the federal government. There's a complex patchwork of sector-specific and medium-specific laws, including laws and regulations that address telecommunications, health information, credit information, financial institutions, and marketing. </p> <p></p><div class="hs-cta-embed hs-cta-simple-placeholder hs-cta-embed-178366206848" style="max-width:100%; max-height:100%; width:800px;height:203.5px" data-hubspot-wrapper-cta-id="178366206848"> <a href="/hs/cta/wi/redirect?encryptedPayload=AVxigLIcWEJGTFZJktDu7j6xp2YI127TKSTEgSBb%2B950pnmmGpxXeAy5ur2m%2Fj3jw3kwjD9bFxjDg87DoJxxkfbX5san%2FKjQEO7F2MH5hr5cDCka12CZpHw0O%2FEtl8aY48OdnaPfrE5QVgDLhwWbNruIzd5PStNhRU6xsAWdDx7%2F5Gevgknbl9jku4nGOYCZPn8kZWb%2FNFY%3D&webInteractiveContentId=178366206848&portalId=4785246" target="_blank" rel="noopener" crossorigin="anonymous"> <img alt="RECOMMENDED CHECKLIST 2024 U.S. Data Privacy Checklist   Priortize and learn what activities will have the biggest impact on your overall compliance posture." loading="lazy" src="https://no-cache.hubspot.com/cta/default/4785246/interactive-178366206848.png" style="height: 100%; width: 100%; object-fit: fill" onerror="this.style.display='none'"> </a> </div> <p></p> <h3>The FTC</h3> <p>An important enforcement agency in the U.S. is the Federal Trade Commission (<a href="https://www.ftc.gov/" rel="noopener" target="_blank">FTC</a>). Its authority to regulate on behalf of consumer protections comes from <a href="https://www.ftc.gov/enforcement/statutes/federal-trade-commission-act" rel="noopener" target="_blank">The Federal Trade Commission Act</a> (FTC Act), which has broad jurisdiction over commercial entities under its authority to prevent unfair or "deceptive trade practices." </p> <p>While the FTC uses its authority to issue regulations, enforce privacy laws, and take enforcement actions to protect consumers. For example, the FTC might take impose action against organizations that:</p> <ul> <li>Fail to implement and maintain reasonable data security measures</li> <li>Fail to abide by any applicable self-regulatory principles of the organization's industry</li> <li>Fail to follow a published privacy policy</li> <li>Transfer personal information in a manner not disclosed in the privacy policy</li> <li>Make inaccurate privacy and security representations (i.e., lying) to consumers and in privacy policies</li> <li>Fail to provide sufficient security for personal data</li> <li>Violate consumer data privacy rights by collecting, processing, or sharing consumer information</li> <li>Engage in misleading advertising practices</li> </ul> <p>Other federal laws that govern the collection of information online include:</p> <ul> <li>The <a href="/articles/whats-new-coppa" rel="noopener" target="_blank">Children's Online Privacy Protection Act (COPPA)</a>, which governs the collection of information about minors</li> <li>The <a href="https://www.govinfo.gov/app/details/PLAW-104publ191/summary" rel="noopener" target="_blank">Health Insurance Portability and Accounting Act (HIPAA)</a>, which governs the collection of health information</li> <li>The <a href="https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act" rel="noopener" target="_blank">Gramm Leach Bliley Act (GLBA)</a>, which governs personal information collected by banks and financial institutions</li> <li>The <a href="https://www.law.cornell.edu/uscode/text/15/1681" rel="noopener" target="_blank">Fair Credit Reporting Act (FCRA)</a>, which regulates the collection and use of credit information</li> <li>The <a href="https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html" rel="noopener" target="_blank">Family Educational Rights and Privacy Act (FERPA)</a>, which protects the privacy of student education records</li> </ul> <h2><span data-preserver-spaces="true">State Privacy Laws</span></h2> <p><span data-preserver-spaces="true">The U.S. also has hundreds of sectoral data privacy and data security laws among its states. State attorneys general oversee data privacy laws governing the collection, storage, safeguarding, disposal, and use of personal data collected from their residents, especially regarding data breach notifications and the security of Social Security numbers. Some apply only to governmental entities, others to private entities, and others apply to both. </span></p> <p><span data-preserver-spaces="true">In addition to sectoral privacy laws, the U.S. is experiencing a massive drive toward pushing privacy legislation at the state level. That’s because the federal government hasn’t been able to find a consensus on how to legislate broadly. Rather than wait, state lawmakers have been nudged by consumers, consumer advocates, and even companies to set their own rules. <br></span></p> <p><span data-preserver-spaces="true">Of course, companies would rather comply with a single federal standard than hire attorneys and privacy professionals, invest in <a href="/products" rel="noopener" target="_blank">compliance tools</a>, and establish <a href="/articles/what-osano-does-to-stay-compliant" rel="noopener" target="_blank">a robust compliance program</a> that covers all applicable state laws. But states see the lack of any data privacy protections as more damaging than overly complex data privacy protections.</span></p> <p><span data-preserver-spaces="true">Starting with 2023's state privacy laws and moving into 2024 and beyond, here’s a breakdown of where things stand. </span><span data-preserver-spaces="true"></span></p> <h3>California Privacy Rights Act (CPRA)</h3> <p>The most comprehensive state data privacy legislation to date is the <a href="/articles/california-privacy-laws-ccpa-cpra" rel="noopener" target="_blank">California Privacy Rights Act (CPRA)</a>. The CPRA was passed by a ballot initiative in November 2020 and amended California’s previous state privacy law, the California Consumer Privacy Act (<a href="/articles/california-privacy-laws-ccpa-cpra" rel="noopener" target="_blank">CCPA</a>). It went into effect on January 1, 2023.<br><br>The CPRA is cross-sector legislation that introduces important definitions and broad individual consumer rights and imposes substantial duties on entities or persons that collect personal information about or from a California resident. These duties include informing data subjects when and how data is collected; allowing them to opt-out of data collection; allowing them to access, correct, and delete such information; and restricting how businesses can transfer personal information to other entities.<br><br>Many of the above requirements were also included in the CCPA, but once the CPRA passed, the law was amended to include the following:</p> <ul> <li>Right to rectification: This updates and adds to a consumer’s right to correct inaccurate personal information.</li> <li>Right to restriction: This grants consumers the right to limit the use and disclosure of their sensitive personal information.</li> <li><a href="/articles/pii-vs-pi-vs-sensitive-information" rel="noopener" target="_blank">Sensitive personal information</a>: This updates the definition of personal information. Certain types of information, like a consumer’s Social Security number, must be treated with special protections. </li> </ul> <p>The CPRA also:</p> <ul> <li>Increased fines for breaches of children’s data threefold</li> <li>Expanded breach liability beyond breaches of unencrypted data to disclosures of credentials (like an email address or password) that could lead to access to a consumer’s account</li> <li>Limited the duration of time a company may retain a consumer’s information to only what’s necessary and “proportionate” to the reason it was collected in the first place</li> <li>Requires companies working with third parties, contractors, and outside service providers to contractually mandate that those organizations exercise the same level of privacy protection to data shared with them as the first party</li> </ul> <p>One of the most significant features of the CPRA is its enforcement. While state attorneys general typically handle privacy cases—unless the FTC is involved, and even then, it’s often a partnership—the CPRA establishes a new privacy regulator.</p> <p>The <a href="/articles/california-privacy-protection-agency" rel="noopener" target="_blank">California Privacy Protection Agency (CPPA)</a> can fine transgressors, hold hearings about privacy violations, and clarify privacy guidelines. It’s a five-member board, and it starts enforcing six months after the CPRA goes into effect on July 1, 2023.</p> <p><span class="hs-cta-wrapper" id="hs-cta-wrapper-9619f2d1-2a05-4b89-b71f-7c501ab440e9"><span class="hs-cta-node hs-cta-9619f2d1-2a05-4b89-b71f-7c501ab440e9" id="hs-cta-9619f2d1-2a05-4b89-b71f-7c501ab440e9"><a href="https://cta-redirect.hubspot.com/cta/redirect/4785246/9619f2d1-2a05-4b89-b71f-7c501ab440e9" target="_blank" rel="noopener"><img class="hs-cta-img" id="hs-cta-img-9619f2d1-2a05-4b89-b71f-7c501ab440e9" style="border-width:0px;" src="https://no-cache.hubspot.com/cta/default/4785246/9619f2d1-2a05-4b89-b71f-7c501ab440e9.png" alt="Download the Guide - Break down the major tasks you need to complete for CPRA compliance."></a></span><script charset="utf-8" src="/hs/cta/cta/current.js"></script><script type="text/javascript"> hbspt.cta._relativeUrls=true;hbspt.cta.load(4785246, '9619f2d1-2a05-4b89-b71f-7c501ab440e9', {"useNewLoader":"true","region":"na1"}); </script></span></p> <h3><span style="font-weight: normal;">Virginia's Consumer Data Protection Act (CDPA)</span><strong><span data-preserver-spaces="true"> </span></strong></h3> <p><span data-preserver-spaces="true"><a href="/articles/vcdpa-virginia-consumer-data-protection-act" rel="noopener">Virginia's Consumer Data Protection Act (CDPA)</a> was passed on March 2, 2021. It grants Virginia consumers certain rights over their data and requires companies covered by the law to comply with rules on the data they collect, how it's treated and protected, and with whom it's shared.<br></span></p> <p><span data-preserver-spaces="true">The law contains some similarities to the EU General Data Protection Regulation's (<a href="/gdpr" rel="noopener">GDPR</a>) provisions and the CPRA. It applies to entities that do business in Virginia or sell products and services targeted to Virginia residents and also meet one of the following:<br></span></p> <ul> <li><span data-preserver-spaces="true">Control or process the personal data of 100,000 or more</span></li> <li><span data-preserver-spaces="true">Control or process the personal data of at least 25,000 consumers and earn 50% of their revenue by selling personal information </span></li> </ul> <p><span data-preserver-spaces="true">The CDPA requires companies covered by the law to assist consumers in exercising their data rights by obtaining opt-in consent before processing their sensitive data (non-sensitive data may be collected so long as the consumer is notified), disclosing when their data will be sold, and allowing them to opt-out of data collection. It also requires companies to provide users with a clear privacy notice that enables consumers to opt-out of targeted advertising. In addition, it requires data brokers to honor consumers’ requests to opt out of data processing, among other requirements.<br><br>The CDPA went into effect on January 1, 2023.<br></span></p> <h3><span data-preserver-spaces="true">Colorado Privacy Act (CPA)</span></h3> <p><span data-preserver-spaces="true">In June 2020, Colorado became the third U.S. state to pass a privacy law. The <a href="/articles/colorado-privacy-act-cpa" rel="noopener" target="_blank">Colorado Privacy Act</a> grants Colorado residents rights over their data and places obligations on data controllers and processors. It contains some similarities to California's CPRA, Virginia's CDPA, and the EU’s GDPR.<br></span></p> <p><span data-preserver-spaces="true">While there are similarities, such as some form of a right to opt-out, special protections for sensitive data, and the adoption of some privacy-by-design principles, the significant differences are in the details.<br>The CPA applies to businesses that collect personal data from 100,000 Colorado residents or collect data from 25,000 Colorado residents and derive revenue from the sale of that data. <br></span></p> <p><span data-preserver-spaces="true">The law lists five rights granted to Colorado residents once the law becomes effective on July 1, 2023. They are:<br></span></p> <ul> <li><span data-preserver-spaces="true">The right to opt-out of targeted ads, the sale of their personal data, or being profiled</span></li> <li><span data-preserver-spaces="true">The right to access the data a company has collected about them</span></li> <li><span data-preserver-spaces="true">The right to correct data that's been collected about them</span></li> <li><span data-preserver-spaces="true">The right to request the data collected about them is deleted</span></li> <li><span data-preserver-spaces="true">The right to data portability (that is, the right to take your data and move it to another company)<br> </span></li> </ul> <p><span data-preserver-spaces="true">There are 17 blanket exemptions within the law. Data exemptions include:<br></span></p> <ul> <li><span data-preserver-spaces="true">If the data was collected for Colorado health insurance law purposes </span></li> <li><span data-preserver-spaces="true">If the entity collecting the data or the data collected is already covered by certain sectoral laws, including COPPA or the Family Educational Rights and Privacy Act (FERPA)</span></li> <li><span data-preserver-spaces="true">If the data has been de-identified or pseudonymized</span></li> <li><span data-preserver-spaces="true">If the data is being maintained and used by a consumer reporting agency </span></li> <li><span data-preserver-spaces="true">If the data is being used for employment records purposes</span></li> </ul> <p><span data-preserver-spaces="true">Since the law goes into effect midway through 2023, businesses should expect updates to the law via rulemaking in the first half of the year.</span></p> <h3><span data-preserver-spaces="true">Utah Consumer Privacy Act (UCPA)</span></h3> <p><span data-preserver-spaces="true">In March 2022, <a href="https://le.utah.gov/~2022/bills/static/SB0227.html" rel="noopener" target="_blank">Utah became the fourth state</a> to enact a comprehensive consumer privacy law, which will take effect on December 31, 2023. The <a href="/articles/utah-consumer-privacy-act-ucpa" rel="noopener" target="_blank">Utah Consumer Privacy Act (UCPA)</a> draws from the CDPA, CPA, and CPRA.<br></span></p> <p><span data-preserver-spaces="true">The law applies to both data controllers and processors that generate over $25 million in annual revenue and either:<br></span></p> <ul> <li><span data-preserver-spaces="true">Control or process personal data for over 100,000 consumers yearly, or</span></li> <li><span data-preserver-spaces="true">Derive over 50% of the entity’s gross revenue from the sale of personal data and controls or processes the personal data of 25,000 or more consumers.</span></li> </ul> <p><span data-preserver-spaces="true">Similarly to the statutes in Colorado and Virginia, there are exemptions for certain types of personal data; however, they’re broader at both the entity and data levels.</span></p> <p><span data-preserver-spaces="true">The law does not apply to governmental entities or third parties acting on behalf of a governmental entity, tribes, institutions of higher education, nonprofit corporations, business associates, information that meets the definition of protected health information for HIPAA and related regulations, and more.</span></p> <p><span data-preserver-spaces="true">Financial institutions governed by the GLBA (the Gramm-Leach-Bliley Act) and information in the FCRA (Fair Credit Reporting Act) also aren’t subject to the UCPA. Data processed or maintained in the course of employment is also exempt.</span></p> <p><span data-preserver-spaces="true">Consumers have the right to:<br></span></p> <ul> <li><span data-preserver-spaces="true">Confirm whether a controller is processing their personal data and accessing or deleting personal data provided</span></li> <li><span data-preserver-spaces="true">Obtain a copy of their personal data in a portable, accessible format</span></li> <li><span data-preserver-spaces="true">Opt-out of processing of personal data for targeted advertising or sale</span></li> </ul> <p><span data-preserver-spaces="true">In contrast to the CDPA and CPA, the UCPA does not include the right to opt-out of profiling nor codify the right to correct inaccuracies in their data.<br></span></p> <h3><span data-preserver-spaces="true">Connecticut Data Privacy Act (CTDPA)</span></h3> <p><span data-preserver-spaces="true">Connecticut's fifth and most recent state to adopt a comprehensive consumer privacy law. Senate Bill 6, or “An Act Concerning Personal Data Privacy and Online Monitoring” (<a href="/articles/connecticut-data-privacy-act-ctdpa" rel="noopener" target="_blank">CTDPA</a>), went into effect July 1, 2023.<br></span></p> <p><span data-preserver-spaces="true">The law also draws from Virginia and Colorado’s statutes, with a few departures. It applies to businesses that, during the preceding calendar year:<br></span></p> <ul> <li><span data-preserver-spaces="true">Controlled or processed personal data of 100,000 or more Connecticut residents, excluding residents whose personal data is controlled or processed solely to complete a payment transaction; or</span></li> <li><span data-preserver-spaces="true">Controlled or processed the personal data of not less than 25,000 consumers and derived more than 25% of their gross revenue from the sale of personal data.</span></li> </ul> <p><span data-preserver-spaces="true">The law is the first to specify that payment transaction data is not subject to the law, which is for small businesses that process information to complete a transaction, such as restaurants. Consumers can opt out of data processing for the purposes of targeted advertisements, sale to a third party, and profiling.</span></p> <p><span data-preserver-spaces="true">The state allows a 60-day period to remedy violations through December 31, 2024.</span></p> <h3 aria-level="2">Montana Consumer Data Privacy Act (MTCDPA) </h3> <p><span data-contrast="auto">Montana Governor Greg Gianforte signed the </span><a href="https://www.osano.com/articles/montana-consumer-data-privacy-act-mtcdpa"><span data-contrast="none">Montana Consumer Data Privacy Act (MTCDPA)</span></a><span data-contrast="auto"> into law on May 19, 2023. However, the law does not go into effect until October 1, 2024.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">The MTCDPA applies to any data controller that handles the personal data of at least 50,000 Montana residents, except for data used exclusively for payment transactions. Additionally, controllers that manage personal data from at least 25,000 consumers and derive more than 25% of their revenue from selling personal data also must comply with the law. Notably, there is no revenue threshold associated with the MTCDPA.</span><span data-ccp-props="{"134233117":false,"134233118":false,"201341983":0,"335551550":1,"335551620":1,"335559685":0,"335559737":0,"335559738":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">Under the law, Montanans have the right to opt out of the sale of their personal data, the right to know if a controller is processing their personal information and access to that data, the right to request the correction of inaccurate or outdated information, the right to ask a controller to delete their personal data, the right to portability, and the right to not be discriminated against for exercising their rights.</span><span data-ccp-props="{"134233117":false,"134233118":false,"201341983":0,"335551550":1,"335551620":1,"335559685":0,"335559737":0,"335559738":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">The MTCDPA includes the usual range of exemptions, including government agencies, nonprofits, higher education institutions, national securities associations registered under the Securities Exchange Act, organizations governed by GLBA, and organizations subject to HIPAA.</span><span data-ccp-props="{"134233117":false,"134233118":false,"201341983":0,"335551550":1,"335551620":1,"335559685":0,"335559737":0,"335559738":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">One of the more unique features of the law is that it doesn't specify a particular dollar amount for fines or other statutory damages for breaking the law. It simply states that the Attorney General can take legal action. Businesses will also have a 60-day cure period to address any violations, though this period expires April 1, 2026.</span><span data-ccp-props="{"134233117":false,"134233118":false,"201341983":0,"335551550":1,"335551620":1,"335559685":0,"335559737":0,"335559738":0,"335559739":160,"335559740":259}"> </span></p> <h3 aria-level="2">Tennessee Information Protection Act (TIPA)</h3> <p><a href="https://www.osano.com/articles/tennessee-information-protection-act-tipa"><span data-contrast="none">The Tennessee Information Protection Act (TIPA)</span></a><span data-contrast="auto">, signed into law in May 2023 and effective from July 1, 2025, positions Tennessee among states taking proactive steps in consumer privacy. The TIPA applies to businesses exceeding $25 million in revenue that engage with Tennessee or its residents and either:</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <ul> <li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="15" data-aria-level="1"><span data-contrast="auto">Control or process the personal information of at least 175,000 consumers. </span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></li> <li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="16" data-aria-level="1"><span data-contrast="auto">Control or process the personal information of at least 25,000 consumers and derive more than 50 percent of gross revenue from the sale of personal information.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></li> </ul> <p><span data-contrast="auto">Consumer rights under TIPA include the ability to confirm, access, correct, delete, and obtain personal information. The law places responsibilities on data controllers, emphasizing data minimization, security practices, and non-discrimination. </span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">In contrast with other state laws, the TIPA provides a narrower applicability threshold, a generous two-plus-year on-ramp period for businesses, and an affirmative defense option for those with written privacy programs aligned with specified frameworks like NIST. In this circumstance, an affirmative defense helps protect businesses against liability. Because of these and other unique features, the TIPA is one of the more business-friendly U.S. privacy laws.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">Enforcement falls under the state attorney general, with a 60-day cure period for violators. Penalties may include fines up to $7,500 per violation, with the potential for tripled damages for willful violations.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <h3 aria-level="2">Oregon Consumer Privacy Act (OCPA)</h3> <p><a href="https://www.osano.com/articles/oregon-consumer-privacy-act-ocpa"><span data-contrast="none">The Oregon Consumer Privacy Act (OCPA)</span></a><span data-contrast="auto"> represents Oregon's response to the absence of a federal privacy law. Signed into law in July 2023, the OCPA is set to become effective on July 1, 2024, concurrently with Texas's privacy law. The law applies to businesses conducting operations in Oregon or providing services to its residents and either:</span><span data-ccp-props="{"134233117":false,"134233118":false,"201341983":0,"335551550":1,"335551620":1,"335559685":0,"335559737":0,"335559738":0,"335559739":160,"335559740":259}"> </span></p> <ul> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="17" data-aria-level="1"><span data-contrast="auto">Control or process the personal data of 100,000 or more consumers.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></li> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{"335552541":1,"335559683":0,"335559684":-2,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="18" data-aria-level="1"><span data-contrast="auto">Control or process the personal data of 25,000 or more consumers while deriving a quarter or more of their annual gross revenue from selling personal data.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></li> </ul> <p><span data-contrast="auto">Notable exemptions to the OCPA involve information governed by acts like HIPAA and GLBA like other state laws. However, the OCPA is distinct that entities subject to these acts must still comply with the OCPA for non-covered data. The law grants consumers the usual rights, including access, correction, deletion, and opt-out options for targeted advertising or profiling. Controllers must respond to requests within 45 days, extendable by an additional 45 days, and provide justification for any rejection.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">Unique features of the OCPA include its data-level exemptions for HIPAA and GLBA (as opposed to entity-level exemptions) and its broad definition of sensitive data. The OCPA includes the usual items under the umbrella of </span><a href="https://www.osano.com/articles/pii-vs-pi-vs-sensitive-information"><span data-contrast="none">sensitive data</span></a><span data-contrast="auto">, but also includes data types like an individual’s status as transgender or nonbinary, citizenship or immigration status, and more. </span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">Enforcement falls under the state attorney general, with potential fines up to $7,500 per violation. Unlike some state laws, the OCPA incorporates a 30-day right to cure, a five-year statute of limitations, and provisions for additional fees if the attorney general prevails in an action.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <h3 aria-level="2">Texas Data Privacy and Security Act (TDPSA)</h3> <p><a href="https://www.osano.com/articles/texas-data-privacy-and-security-act-tdpsa"><span data-contrast="none">The Texas Data Privacy and Security Act (TDPSA)</span></a><span data-contrast="auto">, signed into law on June 18, 2023, by Texas Governor Greg Abbott, positions Texas as the second-largest state (after California) to enact a comprehensive data privacy law.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">Unique aspects of the TDPSA include a deviation from traditional applicability criteria, replacing revenue-based thresholds with a focus on businesses conducting operations in Texas and offer products or services consumed by Texas residents, or businesses that process or sell personal data. Notably, it introduces a novel small business provision, and while exclusions exist for entities such as state agencies and financial institutions, the law does not provide a general exemption for entities governed by HIPAA or GLBA, requiring compliance for non-covered data.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">Consumer rights granted by the TDPSA align with common privacy laws, allowing residents to confirm, correct, delete, and obtain copies of their personal data, along with opting out of targeted advertising or data sale. The law becomes enforceable on July 1, 2024, with businesses gaining a grace period until January 1, 2025, to comply with the global opt-out technology provision. A distinctive feature is the perpetual 30-day cure period, allowing violators to rectify breaches and avoid penalties by providing the attorney general with evidence of compliance.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">The TDPSA introduces unique provisions, such as additional disclosures for companies selling sensitive or biometric information, and explicit notices for data sale on targeted advertising.</span><span data-ccp-props="{"134233117":false,"134233118":false,"201341983":0,"335551550":1,"335551620":1,"335559685":0,"335559737":0,"335559738":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">The law is enforceable by the state attorney general, who can issue fines of up to $7,500 per violation.</span><span data-ccp-props="{"134233117":false,"134233118":false,"201341983":0,"335551550":1,"335551620":1,"335559685":0,"335559737":0,"335559738":0,"335559739":160,"335559740":259}"> </span></p> <h3 aria-level="2">Iowa Consumer Data Protection Act (ICDPA)</h3> <p><a href="https://www.osano.com/articles/iowa-consumer-data-protection-act-icdpa"><span data-contrast="none">The Iowa Consumer Data Protection Act (ICDPA)</span></a><span data-contrast="auto"> was signed into law in late March, 2023, by Governor Kim Reynolds, and goes into effect on January 1, 2025.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">The ICDPA applies to businesses controlling or processing the personal data of at least 100,000 Iowa consumers or 25,000 consumers with over 50% of gross revenue from data sales. Exemptions include data regulated by the FCRA, state agencies, financial institutions under GLBA, and entities complying with HIPAA. </span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">Consumer rights under the ICDPA include confirmation of data processing, deletion rights, access to personal data, and the right to opt out of data sales. While similar to other state laws, ICDPA notably lacks explicit provisions for the right to correct personal data and the right to opt out of profiling. In response to consumers exercising their rights, the law sets a 90-day timeline for responses and requires businesses to provide information free of charge up to twice annually per consumer.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">Enforcement, managed by the state attorney general, incorporates a perpetual 90-day cure period for violators before fines of $7,500 per violation are imposed. The ICDPA does not grant a private right of action.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <h3 aria-level="2">Indiana Consumer Data Protection Act (INCDPA)</h3> <p><a href="/articles/indiana-consumer-data-protection-act" rel="noopener"><span data-contrast="none">The Indiana Consumer Data Protection Act (INCDPA)</span></a><span data-contrast="auto"> became the seventh state to adopt a privacy law on May 1, 2023. Effective from January 1, 2026, the INCDPA follows the footsteps of similar state laws, emphasizing consumer rights and establishing guidelines for data safeguarding.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">The INCDPA applies to businesses operating in Indiana or selling products and services to Indiana residents that control or process personal data of either 100,000 or 25,000 Indiana residents. Unlike other data privacy laws, the INCDPA doesn't solely rely on a revenue threshold, requiring compliance even if annual gross revenues fall below a specific limit.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">Consumer rights granted by the INCDPA include the ability to correct data inaccuracies; opt out of targeted advertising, data sales, or specific profiling; confirm data processing; and request the deletion of personal data. Exemptions exclude state entities, affiliates of financial institutions, organizations subject to HIPAA, non-profit entities, higher education institutions, and public utility entities. Controllers must adhere to principles like data minimization, implement security measures, and conduct data protection impact assessments (DPIA) for specific data processing activities. These include targeted advertising, data sale, profiling with foreseeable risks, processing of sensitive data, and other activities with heightened risk.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">Enforcement of the INCDPA involves a 30-day cure period for alleged violations before civil penalties of up to $7,500 per violation are imposed. The attorney general oversees enforcement and may grant injunctive relief. The law emphasizes a business-friendly approach, providing a substantial window for compliance preparation. </span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <h3 aria-level="2">Delaware Personal Data Privacy Act (DPDPA)</h3> <p><span data-contrast="auto">Delaware joined the growing list of U.S. states enacting comprehensive data privacy legislation with the </span><a href="/articles/delaware-personal-data-privacy-act-dpdpa" rel="noopener"><span data-contrast="none">Delaware Personal Data Privacy Act (DPDPA)</span></a><span data-contrast="auto">, positioned as one of the nation's most robust data privacy bills. While California still holds the title for the strongest data privacy law, the DPDPA is notable for its consumer-friendly approach and broader applicability, encompassing businesses of varying sizes. Set to take effect on January 1, 2025, the law grants an additional year for businesses to implement universal opt-out mechanisms in 2026.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">Applicability under the DPDPA is extensive, covering any company conducting business in Delaware or offering products/services targeting state residents. The thresholds for compliance are set at processing the personal data of at least 35,000 consumers or 10,000 consumers with over 20% of gross revenue derived from personal data sales. Notably, the 35,000-consumer threshold is the lowest among existing data privacy laws, making the DPDPA applicable to a broader range of small and medium-sized companies.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">Exemptions under the DPDPA include government bodies, financial institutions subject to the GLBA, and various types of data, such as protected health information under HIPAA. Consumer rights align with other state laws, encompassing the right to confirm and access personal data, correct inaccuracies, delete data, obtain data copies, receive a list of third-party disclosures, and opt-out of targeted advertising, data sale, or profiling. Controllers are obliged to limit data collection to what is necessary, implement security measures, and obtain opt-in consent for sensitive data or data of known children.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <p><span data-contrast="auto">Enforcement falls under the jurisdiction of the Department of Justice, allowing a cure period for violators, albeit with a sunset provision ending on January 1, 2026. The Department may investigate and prosecute violations, potentially resulting in penalties up to $10,000 per violation. The law also mandates data protection assessments for activities with a heightened risk of harm to consumers, such as targeted advertising or processing sensitive data. </span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}"> </span></p> <h3><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}">Nebraska Data Privacy Act (NDPA)</span></h3> <p><span data-contrast="auto"><a href="/articles/nebraska-data-privacy-act-ndpa" rel="noopener">The Nebraska Data Privacy Act (NDPA)</a> is a comprehensive data privacy act designed to protect consumers and give them control over their personal information. It grants them certain rights, outlined below, and provides </span><a href="https://www.osano.com/articles/data-privacy-terms"><span data-contrast="none">controllers</span></a><span data-contrast="auto">, or the entity that determines the purpose and means of processing per</span><span data-contrast="none">sonal data</span><span data-contrast="auto">, with specific requirements for how to handle data and consumer requests related to their data. </span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></p> <p><span data-contrast="auto">The law’s scope tracks closely with the </span><a href="https://www.osano.com/articles/texas-data-privacy-and-security-act-tdpsa"><span data-contrast="none">Texas Data Privacy and Security Act (TDPSA)</span></a><span data-contrast="auto">, including its applicability, sensitive data, and its requirement to honor universal opt-out mechanisms. </span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></p> <p><span data-contrast="auto">Like the TDPSA, Nebraska’s privacy law applies to a person who: </span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></p> <ul> <li data-leveltext="●" data-font="" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"●","469777815":"multilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Conducts business in the state or produces a product or service consumed by residents of Nebraska; </span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></li> <li data-leveltext="●" data-font="" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"●","469777815":"multilevel"}" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><span data-contrast="auto">Processes or engages in the sale of personal data; and </span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></li> <li data-leveltext="●" data-font="" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"●","469777815":"multilevel"}" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><span data-contrast="auto">Is not a small business as determined under the federal Small Business Act.</span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></li> </ul> <p><span data-contrast="auto">One notable aspect of the NDPA’s applicability is that, unlike most other state laws, there is no revenue or volume of data processed. </span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></p> <p><span data-contrast="auto">Like many other </span><a href="https://www.osano.com/us-data-privacy-laws"><span data-contrast="none">comprehensive data privacy laws</span></a><span data-contrast="auto">, the state attorney general has enforcement authority of the data privacy act. The law stipulates that the attorney general must first notify the controller or processor of the violation in writing and provide a 30-day cure period—luckily for Nebraska businesses, this cure period does not sunset, unlike other state data privacy laws. </span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></p> <p><span data-contrast="auto">In addition to curing the violation, the controller or process must also provide a written statement and supportive documentation to show the violation was cured and stating that they will not commit another violation.</span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></p> <p><span data-contrast="auto">Those who don’t cure a violation during the 30-day timeframe, or who breach their written statement, will be subject to a $7,500 fine for each infraction.</span><span data-ccp-props="{"201341983":0,"335559740":276}"> </span></p> <h3><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":259}">New Hampshire Privacy Act (NHPA)</span></h3> <p><span data-contrast="auto"><a href="/articles/new-hampshire-privacy-act-nhpa" rel="noopener">The New Hampshire Privacy Act (NHPA)</a> is one of a number of statewide data privacy laws aimed at giving consumers control over their personal data in an increasingly digital world.</span><span data-ccp-props="{"201341983":0,"335559740":240}"> </span></p> <p><span data-contrast="auto">The good news for businesses is that the NHPA largely resembles other data privacy laws that have come before it. It is most closely aligned to those in Virginia (</span><a href="https://www.osano.com/articles/vcdpa-virginia-consumer-data-protection-act"><span data-contrast="none">VCDPA</span></a><span data-contrast="auto">) and Connecticut (</span><a href="https://www.osano.com/articles/connecticut-data-privacy-act-ctdpa"><span data-contrast="none">CTDPA</span></a><span data-contrast="auto">)—though there are slight nuances. </span></p> <p><span data-contrast="auto">The law is slated to take effect January 1, 2025, and will apply to “persons that conduct business” in the state or who produce products or services targeted to residents of New Hampshire and who, during a one-year period: </span><span data-ccp-props="{"201341983":0,"335559740":240}"> </span></p> <ul> <li data-leveltext="●" data-font="Fira Sans" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"●","469777815":"multilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Controlled or processed the personal data of not less than 35,000 unique consumers, excluding if the processing occurred solely to complete a payment transaction, or</span><span data-ccp-props="{"201341983":0,"335559740":240}"> </span></li> <li data-leveltext="●" data-font="Fira Sans" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"●","469777815":"multilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Controlled or processed the personal data of not less than 10,000 unique consumers and derived more than 25 percent of their gross revenue from the sale of personal data. </span><span data-ccp-props="{"201341983":0,"335559740":240}"> </span></li> </ul> <p><span data-contrast="auto">The New Hampshire data privacy act’s scope is somewhat unique in that it doesn’t include a revenue threshold. Additionally, the applicability threshold is lower than other laws, but lawmakers have pointed out that this is because of the state’s lower population. </span><span data-ccp-props="{"201341983":0,"335559740":240}"> </span></p> <p><span data-contrast="auto">Like other U.S. laws, the NHPA follows primarily an </span><a href="https://www.osano.com/articles/opt-in-vs-opt-out"><span data-contrast="none">opt-out</span></a><span data-contrast="auto"> model, meaning businesses are free to process consumer data, but must notify consumers about the processing first and give them a way to opt out of the collection or sale of data. There are exceptions, however, for the data of children under the age of 13 and for sensitive data. Here, opt-in permission is required.</span><span data-ccp-props="{"201341983":0,"335559740":240}"> </span></p> <p><span data-contrast="auto">Other notable provisions include: </span><span data-ccp-props="{"201341983":0,"335559740":240}"> </span></p> <ul> <li data-leveltext="●" data-font="Fira Sans" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"●","469777815":"multilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">The NHPA will require businesses to recognize universal opt-out mechanisms, such as the </span><a href="https://www.osano.com/articles/global-privacy-control"><span data-contrast="none">Global Privacy Control</span></a><span data-contrast="auto">.</span><span data-ccp-props="{"201341983":0,"335559740":240}"> </span></li> <li data-leveltext="●" data-font="Fira Sans" data-listid="1" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"●","469777815":"multilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">The act has a 60-day cure period for violations that sunsets one year after the law is enacted (in January 2026). </span><span data-ccp-props="{"201341983":0,"335559740":240}"> </span></li> </ul> <h3><span data-ccp-props="{"201341983":0,"335559740":240}">New Jersey Data Privacy Act (NJDPA)</span></h3> <p><a href="/articles/new-jersey-data-privacy-act-njdpa" rel="noopener">The New Jersey Data Protection Act (NJDPA)</a> is a<span> </span><span><a href="https://www.osano.com/articles/data-privacy-laws">data privacy law</a></span><span> </span>that gives New Jersey residents control over their personal data, providing certain rights and imposing obligations on those who control and process consumer data. The law applies to businesses and entities who conduct business in the state or who produce products or services targeted to those who live in New Jersey.</p> <p>In terms of applicability and exemptions, New Jersey’s privacy law aligns with other state laws. It applies to<span> </span><a href="https://www.osano.com/articles/data-privacy-terms">controllers</a><span> </span>who, during a calendar year, meet one of the following criteria:</p> <ul> <li>Control or process the personal data of at least 100,000 consumers, excluding personal data processed solely for the purpose of completing a payment transaction, or</li> <li>Control or process the personal data of at least 25,000 consumers and the controller derives revenue or receives a discount on the price of any goods or services, from the sale of personal data.</li> </ul> <p>There are a few key definitions in the law: the NJDPA defines “sale” as “sharing, disclosing, or transferring” data for money or other valuable consideration, similar to<span> </span><span><a href="https://www.osano.com/articles/california-privacy-laws-ccpa-cpra">California’s law</a></span>. A “controller” is an individual or legal entity that determines the purpose and means of processing personal data.</p> <p>Similar to Colorado’s privacy law, it doesn’t define a specific percentage of revenue that must be derived from the sale of data, whereas other states have implemented a 25 or 50 percent threshold.</p> <p><span>The law goes into effect in January 15, 2025, one year after its enactment.</span></p> <h3>Kentucky Consumer Data Protection Act (KCDPA)</h3> <p><a href="/articles/kentucky-consumer-data-protection-act-kcdpa" rel="noopener">The Kentucky Consumer Data Protection Ac (KCDPA)</a> provides data privacy protections for consumers of the Bluegrass State, granting them certain, now standard rights. We’ll dive into more on that later.</p> <p>The law defines consumers as residents of the state acting<span> </span><em>only</em><span> </span>as an individual, not in commercial or employment contexts. It closely aligns with Virginia’s law, which is good news for businesses already complying with the<span> </span><a href="https://www.osano.com/articles/vcdpa-virginia-consumer-data-protection-act">Virginia Consumer Data Protection Act</a><span> </span>(VCDPA). And, because the VCDPA is considered a framework or foundation legislation, the KCDPA also tracks closely with other state laws that used Virginia’s law as a framework, including<span> </span><a href="https://www.osano.com/articles/tennessee-information-protection-act-tipa">Tennessee</a><span> </span>and Indiana.</p> <p>Businesses will become subject to the law as of January 1, 2026.</p> <p>Similar to Virginia,<span> </span><a href="https://www.osano.com/articles/colorado-privacy-act-cpa">Colorado</a>,<span> </span><a href="https://www.osano.com/articles/connecticut-data-privacy-act-ctdpa">Connecticut</a>, and Indiana, Kentucky’s privacy act allows companies to collect and process most types of personal information without obtaining affirmative user consent first (in most cases). This is known as the<span> </span><a href="https://www.osano.com/articles/opt-in-vs-opt-out">opt-out</a><span> </span>model, which most U.S. data privacy laws follow.</p> <p>Just like Virginia’s law, the KCDPA applies to any person who conducts business in Kentucky or who produces products or services that target residents of the state, and during a calendar year controls or processes data of at least:</p> <ul> <li>100,000 consumers; or</li> <li>25,000 consumers and derives over 50 percent of gross revenue from the sale of personal data.</li> </ul> <p>Like all data privacy laws that came before it, the KCDPA applies to both controllers, or entities who determine the purpose and means of processing data, and processors, or entities that process personal data on behalf of a controller, such as a third-party vendor charged with analyzing data. The delineation between controllers and processors exists to clearly assign responsibilities for data governance between the parties involved in collecting and processing consumer data.</p> <h3>Minnesota Consumer Data Privacy Act (MCDPA)</h3> <p><span data-contrast="auto">The MCDPA is a state-level legislation designed to safeguard the personal data of Minnesota residents. Rather than permit organizations to collect, process, and generally do whatever they wish with consumers’ personal information, data privacy regulations like the MCDPA: </span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":279}"> </span></p> <ul> <li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Set limits on what organizations can do with personal data</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":279}"> </span></li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><span data-contrast="auto">Require organizations to meet certain obligations, like setting safeguards, assessing for risk, and respecting consumer rights</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":279}"> </span></li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="3" data-aria-level="1"><span data-contrast="auto">Provide consumers with data privacy rights that enable them to maintain control over their personal information</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":279}"> </span></li> </ul> <p><span data-contrast="auto">Officially enacted on May 24, 2024, the MCDPA will take effect on July 31, 2025. Once that happens, businesses will need to comply or potentially suffer penalties and fines from the state Attorney General.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":279}"> </span></p> <p><span data-contrast="auto">The MCDPA applies to organizations that provide products or services targeted at Minnesotans and meet one of the following criteria:</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":279}"> </span></p> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">During a calendar year, they control or process the personal data of </span><strong><span data-contrast="auto">100,000 consumers or more.</span></strong><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":279}"> </span></li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="2" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><span data-contrast="auto">They derive </span><strong><span data-contrast="auto">more than 25 percent of gross revenue</span></strong><span data-contrast="auto"> from the sale of personal data and process or control personal data </span><strong><span data-contrast="auto">of 25,000 consumers or more</span></strong><span data-contrast="auto">.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":279}"> </span></li> </ul> <p><span data-contrast="auto">As is the case with most data privacy laws, the definition of “sale” includes both selling data for money and “other valuable considerations.”</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":279}"> </span></p> <h3><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":279}">Maryland Online Data Privacy Act (MODPA)</span></h3> <p><span data-contrast="auto">The MODPA gives Maryland residents more control over how companies collect and use their personal data online. With an effective date of October 1, 2025, the new law establishes data protection rights and requires companies that track or target the state’s residents to meet stricter requirements around data collection—especially related to data minimization, consent, universal opt-out mechanisms, sensitive data, and children’s data. However, MODPA will not apply to companies’ data processing activities until April 1st, 2026. </span><span data-ccp-props="{"201341983":0,"335559738":240,"335559739":240,"335559740":276}"> </span></p> <p><span data-contrast="auto">While it is an </span><a href="https://www.osano.com/articles/opt-in-vs-opt-out"><span data-contrast="none">opt-out law</span></a><span data-contrast="auto"> (meaning consumers have the right to opt-out of processing data for certain purposes) Maryland’s privacy act is already known in the data privacy world as more stringent than many other state laws. </span><span data-ccp-props="{"201341983":0,"335559738":240,"335559739":240,"335559740":276}"> </span></p> <p><span data-contrast="auto">Maryland’s privacy law applies to anyone who conducts business in the state, as well as those who provide services or products targeted to residents of Maryland and during the prior calendar year either: </span><span data-ccp-props="{"201341983":0,"335559738":240,"335559739":240,"335559740":276}"> </span></p> <ul> <li data-leveltext="●" data-font="" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"●","469777815":"multilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Controlled or processed the personal data of at least 35,000 consumers, with the exception of personal data collected or processed solely for completing a payment transaction, or: </span><span data-ccp-props="{"201341983":0,"335559738":240,"335559740":276}"> </span></li> <li data-leveltext="●" data-font="" data-listid="3" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769242":[8226],"469777803":"left","469777804":"●","469777815":"multilevel"}" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><span data-contrast="auto">Controlled or processed the personal data of at least 10,000 consumers and derived more than 20 percent of its gross revenue from the sale of personal data. </span><span data-ccp-props="{"201341983":0,"335559739":240,"335559740":276}"> </span><br><br></li> </ul> <p><span data-contrast="auto">With controller requirements and restrictions, the MODPA gets tricky. It differs from other state laws in a few key areas. </span><span data-ccp-props="{"201341983":0,"335559738":240,"335559739":240,"335559740":276}"> </span></p> <p><span data-contrast="auto">In Maryland, controllers are </span><strong><span data-contrast="auto">restricted from the collection, processing, and sharing of sensitive data</span></strong><span data-contrast="auto">, except where it’s strictly necessary to provide or maintain a specific product or service requested by the consumer. </span><span data-ccp-props="{"201341983":0,"335559738":240,"335559739":240,"335559740":276}"> </span></p> <p><span data-contrast="auto">What’s more, controllers are</span><span data-contrast="auto"> </span><strong><span data-contrast="auto">banned altogether from selling sensitive data.</span></strong></p> <p><span style="font-weight: normal;">The Maryland Office of the Attorney General's Consumer Protection Division enforces the MCPA, which has fines of up to $10,000 per violation or $25,000 for each repetition of the same violation</span><strong><span data-contrast="auto">.</span></strong></p> <h3><strong><span data-contrast="auto">The Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)</span></strong></h3> <p><span data-contrast="auto">Enacted June 29, 2024, <a href="/articles/rhode-island-data-transparency-and-privacy-protection-act-ridtppa" rel="noopener">the RIDTPPA</a> resembles many other US data privacy laws, including its requirements surrounding consent, sensitive personal information processing, and consumer rights. The law, however, does feature several important differences.</span></p> <p><span data-contrast="auto">Notably, the law also lacks a cure period. If you’re found to have violated the law, you’ll simply be fined without any grace period to fix the violation. Most state data privacy laws feature cure periods, though some expire at various dates in the future, and some are permanent features. </span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":279}"> </span></p> <p><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":279}">The law also does not require businesses to honor universal opt-out mechanisms.</span></p> <p><span data-contrast="none">If your organization is a for-profit entity and conducts business in Rhode Island or provides products or services targeted to Rhode Islanders, you may be subject to the RIDTPPA.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":240}"> </span></p> <p><span data-contrast="none">Specifically, you must meet the above criteria as well as one of the following:</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":240}"> </span></p> <ul> <li data-leveltext="" data-font="Symbol" data-listid="6" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="1" data-aria-level="1"><span data-contrast="none">Your organization controlled or processed at least 35,000 state residents’ personal data.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":240}"> </span></li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="6" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"hybridMultilevel"}" aria-setsize="-1" data-aria-posinset="2" data-aria-level="1"><span data-contrast="none">Your organization controlled or processed at least 10,000 state residents’ personal data and derived more than 20% of its gross revenue from the sale of that data.</span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":240}"> </span></li> </ul> <p><span data-contrast="none">There are exemptions, of course, but if you meet the above criteria, you likely will need to comply with the law. </span><span data-ccp-props="{"201341983":0,"335559739":160,"335559740":240}"> </span></p> <h3><span data-preserver-spaces="true">New York SHIELD Act</span></h3> <p><span data-preserver-spaces="true">In July 2019, New York passed the <a href="/articles/new-york-shield-law" rel="noopener" target="_blank">Stop Hacks and Improve Electronic Data Security (SHIELD) Act</a>. This law amends New York's existing data breach notification law and creates more data security requirements for companies that collect information on New York residents. As of March 2020, the law is fully enforceable.</span></p> <p><span data-preserver-spaces="true">This law broadened the scope of consumer privacy and provides better protection for New York residents from data breaches of their personal information. It requires employers in possession of the New York residents’ private information to “develop, implement, and maintain reasonable safeguards to protect the security, confidentiality, and integrity of the private information.”<br></span></p> <p><span data-preserver-spaces="true">Last year, in 2022, the state Attorney General <a href="https://www.dataprotectionreport.com/2022/02/new-york-shield-act-600000-settlement/" rel="noopener" target="_blank">settled</a> with an organization $600,000 for failing to meet minimum standards that led to a breach in security and a leak of personal information. While there have been no recent updates to the law, it is still very active and enforced, as shown by this settlement.</span></p> <p><span data-preserver-spaces="true">Check out our <a href="/us-data-privacy-laws" rel="noopener">U.S. data privacy laws</a> guide for a detailed summary.</span></p> <h2><strong><span data-preserver-spaces="true">European Data Privacy Laws</span></strong></h2> <p style="font-weight: normal;">The EU General Data Protection Regulation remains the law of the land, but new data privacy-related laws have been passed in the EU recently—notably, the Digital Services Act and Digital Markets Act.  Here's a refresher on the GDPR and a list of the other laws you should track to keep your organization up-to-date on data privacy in 2024.</p> <h3 style="font-weight: bold;">The General Data Protection Regulation (GDPR)</h3> <p>The most crucial data protection legislation enacted to date is the <a href="/gdpr" style="color: #7764fa;" rel="noopener" target="_blank"><span>General Data Protection Regulation (GDPR)</span></a>. It governs the collection, use, transmission, and security of data collected from residents of any of the 28 member countries of the European Union. The law applies to all EU residents, regardless of the entity's location that collects the personal data. Fines of up to € 20 million or 4% of total global turnover may be imposed on organizations that fail to comply with the GDPR. Some essential requirements of the GDPR include:</p> <h4><span data-preserver-spaces="true">Consent </span></h4> <p>Data subjects must be allowed to give explicit, unambiguous consent before the collection of personal data. Personal data includes information collected through the use of cookies. Some information not usually considered "personal information" in the United States, such as the user's computer IP address, is considered to be "personal data" according to the GDPR.</p> <h4><span data-preserver-spaces="true">Data Breach Notification</span></h4> <p>Organizations must notify supervisory authorities and data subjects within 72 hours if a data breach affects users' personal information in most cases.</p> <h4><span data-preserver-spaces="true">Data Subjects' Rights</span></h4> <p>Data subjects (people whose data is collected and processed) have <a href="/articles/data-subject-access-requests-guide" rel="noopener" target="_blank">certain rights</a> regarding their personal information. These rights should be communicated to data subjects in a clear, easy-to-access privacy policy on the organization's website.</p> <ol> <li> <p><span style="font-weight: bold;">The right to be informed.</span> Data subjects must be informed about the collection and use of their personal data when the data is obtained.</p> </li> <li> <p><strong>The right to access their data.</strong> A data subject can request a copy of their personal data via a <a href="/articles/data-subject-rights" rel="noopener" target="_blank">data subject request</a>. Data controllers must explain the means of collection, what's being processed, and with whom it is shared.</p> </li> <li> <p><strong>The right of rectification.</strong> If a data subject's data is inaccurate or incomplete, they have the right to ask you to rectify it.</p> </li> <li> <p><strong>The right of erasure.</strong> Data subjects have the right to request the erasure of personal data related to them on certain grounds within 30 days.</p> </li> <li> <p><strong>The right to restrict processing.</strong> Data subjects have the right to request the restriction or suppression of their personal data (though you can still store it).</p> </li> <li> <p><strong>The right to data portability.</strong> Data subjects can have their data transferred from one electronic system to another at any time safely and securely without disrupting its usability.</p> </li> <li> <p><strong>The right to object.</strong> Data subjects can object to how their information is used for marketing, sales, or non-service-related purposes. The right to object does not apply where legal or official authority is carried out, a task is carried out for public interest, or when the organization needs to process data to provide you with a service for which you signed up.</p> <br><span data-preserver-spaces="true"><span class="hs-cta-wrapper" id="hs-cta-wrapper-8870afc8-1c67-4323-b03f-53bd2e915b64"><span class="hs-cta-node hs-cta-8870afc8-1c67-4323-b03f-53bd2e915b64" id="hs-cta-8870afc8-1c67-4323-b03f-53bd2e915b64"><a href="https://cta-redirect.hubspot.com/cta/redirect/4785246/8870afc8-1c67-4323-b03f-53bd2e915b64" target="_blank" rel="noopener"><img class="hs-cta-img" id="hs-cta-img-8870afc8-1c67-4323-b03f-53bd2e915b64" style="border-width:0px;" src="https://no-cache.hubspot.com/cta/default/4785246/8870afc8-1c67-4323-b03f-53bd2e915b64.png" alt="If you're not prepared, complying with DSARs can be difficult and complicated. Download our guide to ensure you’re on the right path."></a></span><script charset="utf-8" src="/hs/cta/cta/current.js"></script><script type="text/javascript"> hbspt.cta._relativeUrls=true;hbspt.cta.load(4785246, '8870afc8-1c67-4323-b03f-53bd2e915b64', {"useNewLoader":"true","region":"na1"}); </script></span></span></li> </ol> <a id="DSA" data-hs-anchor="true"></a> <h3><strong><span data-preserver-spaces="true">Digital Services Act (DSA) </span></strong></h3> <p><span data-preserver-spaces="true">The new regulation addresses illegal and harmful content by compelling platforms such as Google and Facebook to remove content that doesn’t meet certain standards. The primary principle is “what is illegal offline must be illegal online,” according to the Council of the EU. The Digital Services Act (DSA) entered into force on November 16, 2022. Different provisions of the law will become effective at different times, with the law coming fully into force on February 17, 2024.</span></p> <p><span data-preserver-spaces="true">It applies to four categories of businesses:<br></span></p> <ul> <li><span data-preserver-spaces="true">Intermediary services offering network infrastructure, such as ISPs</span></li> <li><span data-preserver-spaces="true">Hosting services, such as cloud and web-hosting services</span></li> <li><span data-preserver-spaces="true">Online platforms that bring sellers and consumers together, such as online marketplaces, social platforms, and app stores</span></li> <li><span data-preserver-spaces="true">Very large online platforms, which are defined as online platforms that reach more than 10% of the 450 million consumers in Europe</span></li> </ul> <p><span data-preserver-spaces="true">Each category faces different requirements.</span></p> <p><span data-preserver-spaces="true"><span style="font-weight: bold;">All of the above categories must:</span><br></span></p> <ul> <li><span data-preserver-spaces="true">Engage in transparency reporting on court orders and actions taken, content moderation efforts, and more </span></li> <li><span data-preserver-spaces="true">Update terms of service to account for fundamental rights </span></li> <li><span data-preserver-spaces="true">Cooperate with national authorities </span></li> <li><span data-preserver-spaces="true">Establish points of contact for authorities and, when necessary, legal representatives</span></li> </ul> <p><span data-preserver-spaces="true"><span style="font-weight: bold;">Hosting services, online platforms, and very large online platforms must:</span><br></span></p> <ul> <li><span data-preserver-spaces="true">Provide a notice-and-action mechanism enabling users to note potential illegal content for the business to remove </span></li> <li><span data-preserver-spaces="true">Report criminal offenses</span></li> </ul> <p><span data-preserver-spaces="true"><span style="font-weight: bold;">Online platforms and very large platforms must:</span><br></span></p> <ul> <li><span data-preserver-spaces="true">Implement a complaint and redress mechanism </span></li> <li><span data-preserver-spaces="true">Identify trusted flaggers whose expertise adds special weight to their content notices </span></li> <li><span data-preserver-spaces="true">Take measures against abusive notices and counter-notices </span></li> <li><span data-preserver-spaces="true">If they have a marketplace feature, take special actions, such as vetting third-party suppliers’ credentials, adhering to compliance-by-design principles, and more </span></li> <li><span data-preserver-spaces="true">Not target advertisements to children or target advertisements based on users’ special characteristics</span></li> <li><span data-preserver-spaces="true">Provide transparency into content recommendation systems </span></li> <li><span data-preserver-spaces="true">Provide user-facing transparency into online advertising practices </span></li> </ul> <p><span style="font-size: 18px; font-family: 'Didact Gothic', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';"><span style="font-weight: bold;">Very large platforms must: <br></span></span></p> <ul> <li><span data-preserver-spaces="true">Adopt risk management practices and establish crisis response protocols </span></li> <li><span data-preserver-spaces="true">Acquiesce to external, independent auditing, establish an internal compliance function, and be publicly accountable </span></li> <li><span data-preserver-spaces="true">Provide users the choice to not be subject to content recommendations based on profiling </span></li> <li><span data-preserver-spaces="true">Share data with authorities and researchers </span></li> <li><span data-preserver-spaces="true">Adhere to self-drafted codes of conduct </span></li> <li><span data-preserver-spaces="true">Cooperate with authorities during crisis response situations</span></li> </ul> <p><span data-preserver-spaces="true">EU data protection authorities may access, obtain information from, and inspect service providers to inform orders and sanctions. If a business is found to be in violation, it may be fined up to 6% of annual global turnover during the preceding financial year. If an information obligation under the DSA is violated, the maximum penalty is limited to 1% of the previous year’s income or global turnover.<br></span></p> <a id="DMA" data-hs-anchor="true"></a> <h3><strong><span data-preserver-spaces="true">The Digital Markets Act (DMA)</span></strong></h3> <p><span data-preserver-spaces="true">Coming into effect March 2024, the Digital Markets Act (DMA) covers the largest digital platforms, known as “gatekeepers,” which include companies like Facebook, Apple, Microsoft, and Google. The DMA aims to level the playing field for digital companies and prevent gatekeeper companies from imposing unfair conditions on their competitors. For example, a company like Amazon isn’t allowed to rank products on its site in a way that gives Amazon’s own products and services an advantage. </span></p> <p><span data-preserver-spaces="true">A company is considered a gatekeeper if it:<br></span></p> <ul> <li><span data-preserver-spaces="true">Has a strong economic position, significant impact on the EU market, and is active in multiple EU member states</span></li> <li><span data-preserver-spaces="true">Has a strong position as an intermediary linking a large user base to a large number of businesses</span></li> <li><span data-preserver-spaces="true">Has or will soon have an entrenched position in the market, which is determined by whether or not the company met the two previous criteria in the last three financial years</span></li> </ul> <p><span data-preserver-spaces="true">Under the DMA, businesses that qualify as gatekeepers must:<br></span></p> <ul> <li><span data-preserver-spaces="true">Not engage in self-preferencing, where the gatekeeper promotes their own products and services over an equivalent third-party product or service on the gatekeeper’s platform</span></li> <li><span data-preserver-spaces="true">Not reuse users’ data outside of the context in which it was originally collected without consent</span></li> <li><span data-preserver-spaces="true">Not track users outside of the gatekeepers’ platform for the purpose of targeted advertising without consent</span></li> <li><span data-preserver-spaces="true">Permit communication and content access between businesses and end users</span></li> <li><span data-preserver-spaces="true">Ensure price and fee transparency in advertising intermediation services</span></li> <li><span data-preserver-spaces="true">Provide access to marketing or advertising performance data on the platform to users</span></li> <li><span data-preserver-spaces="true">Make it easy for users to change their default settings and uninstall software</span></li> <li><span data-preserver-spaces="true">Ensure third-party technology can interoperate with the gatekeeper’s own</span></li> <li><span data-preserver-spaces="true">Ensure end users’ data is portable to other systems</span></li> <li><span data-preserver-spaces="true">Provide businesses with real-time access to their data on the gatekeeper’s platform</span></li> <li><span data-preserver-spaces="true">Not prevent users from making complaints to authorities</span></li> <li><span data-preserver-spaces="true">Not require user registration to additional services as a condition of accessing a given service</span></li> <li><span data-preserver-spaces="true">Not use businesses’ non-public data to compete against them </span></li> <li><span data-preserver-spaces="true">And more</span></li> </ul> <p><span data-preserver-spaces="true">Gatekeepers that violate the DMA may be subject to fines of up to 10% of annual global turnover or up to 20% in the case of repeated violations. What’s more, repeated violations may result in non-financial remedies, such as forced divestitures.</span><span data-preserver-spaces="true"></span></p> <a id="DPF" data-hs-anchor="true"></a> <h3><strong><span data-preserver-spaces="true">The EU-U.S. Data Privacy Framework<br></span></strong></h3> <p><span data-preserver-spaces="true">Although it isn't a law per se, the EU-U.S. Data Privacy Framework is an important factor to be aware of. </span></p> <p><span data-preserver-spaces="true">Previously, businesses transferring EU citizens’ data into the U.S. relied on a framework called the <a href="/articles/privacy-shield-invalidated" rel="noopener" target="_blank">Privacy Shield</a> to ensure the data was sufficiently protected, but that framework was deemed invalid during the <span style="font-style: italic;">Schrems II</span> court case. This forced businesses to rely on <a href="/articles/new-standard-contractual-clauses" rel="noopener" target="_blank">standard contractual clauses</a> approved by the European Commission to provide legal protection for data transfers. <br><br>However, these clauses are somewhat shaky, which is why there was pressure to get a replacement for the Privacy Shield stood up.</span></p> <p><span data-preserver-spaces="true">On July 10, 2023, the new <a href="/articles/eu-u.s.-data-privacy-framework-dpf" rel="noopener">EU-U.S. Data Privacy Framework</a> went into effect. It includes additional security measures, a redress mechanism for EU and U.S. citizens who feel their rights have been violated, and greater protections for foreign citizens’ data that has been transferred to the U.S. Additionally, the framework requires intelligence agencies to make updates to surveillance-related policies and procedures, followed by a review by the Privacy and Civil Liberties Oversight Board.</span></p> <p><span data-preserver-spaces="true">While the framework improves upon the Privacy Shield, it's not without its flaws. There will likely be criticisms from European privacy advocacy groups, but if the framework survives, it could be the method businesses use to transfer data between the EU and U.S.</span></p> <a id="AI-act" data-hs-anchor="true"></a> <h3><strong><span data-preserver-spaces="true">The EU AI Act</span></strong></h3> <p><span data-preserver-spaces="true">The EU’s Artificial Intelligence Act was approved on 16 June 2023 and is expected to go into effect sometime in late 2025 or early 2026. It applies to any company doing business in the EU that develops or adopts “high-risk” AI systems. These systems affect employment, credit, health care, and other critical domains.<br></span></p> <p><span data-preserver-spaces="true">The <a href="/articles/eu-ai-act" rel="noopener" target="_blank">EU AI Act</a> applies extraterritorially, meaning the law will cover companies based elsewhere if they have customers or users inside the EU, effectively making it a global regulation. </span></p> <p><span data-preserver-spaces="true">Under the Act, businesses with applicable AI systems have to:<br></span></p> <ul> <li><span data-preserver-spaces="true">Conduct impact assessments, keep records, and meet transparency obligations</span></li> <li><span data-preserver-spaces="true">Not develop systems that can be used to manipulate a person’s behavior in a manner that could cause mental or physical harm. </span></li> <li><span data-preserver-spaces="true">Not develop systems that can be used to exploit the vulnerabilities of a specific group due to their age, physical or mental disabilities, or behavior in a manner that could cause psychological or physical harm. </span></li> <li><span data-preserver-spaces="true">Not develop systems that could exploit vulnerable groups based on age, or physical or mental disability. </span></li> <li><span data-preserver-spaces="true">Not develop systems that provide real-time remote biometric data in publicly accessible spaces by law enforcement. </span><br><span data-preserver-spaces="true"></span></li> </ul> <h2><strong><span data-preserver-spaces="true">Other International Data Privacy Laws</span></strong><span data-preserver-spaces="true"></span></h2> <p style="font-weight: normal;">With over <a href="https://unctad.org/page/data-protection-and-privacy-legislation-worldwide" rel="noopener" target="_blank">130 data privacy laws</a> across the globe, it isn’t feasible to list and describe each and every one in this blog post. However, here are some important regulations that may apply to your business.</p> <ul> <li style="font-weight: normal;"><strong>Brazil’s General Law for the Protection of Personal Data, or the Lei Geral de Proteção de Dados Pessoais (LGPD)</strong>: This law came into effect in 2020 and contains many similar provisions to the GDPR. Learn more about the law in our dedicated blog article, <a href="/articles/brazil-lgpd" rel="noopener" target="_blank">The definitive guide to Brazil's privacy law, the LGPD</a>.</li> <li style="font-weight: normal;"><strong>Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)</strong>: PIPEDA was assented to in 2000, came into full force in 2004, and was considered a progressive law at the time. It was last updated in 2015 by the Data Privacy Act but still falls short of the GDPR’s regulatory standard.</li> <li style="font-weight: normal;"><strong>China’s Personal Information Protection Law (PIPL)</strong>: <a href="/articles/china-personal-information-protection-act" rel="noopener" target="_blank">PIPL</a> was enacted into law in November of 2021 and broadly maps to the GDPR’s stipulations. However, it does vary in some of its details, notably by giving individuals fewer rights, requiring a stricter standard for consent, and imposing harsher penalties.</li> <li style="font-weight: normal;"><a id="India-DPDPA" data-hs-anchor="true"></a><a href="/articles/digital-personal-data-protection-act-dpdpa" rel="noopener" style="font-weight: bold;">India's Digital Personal Data Protection Act (DPDPA)</a><span style="font-weight: bold;">:</span> Significantly, this law covers all of India's 1.4 billion people. While the law broadly mirrors the GDPR, it includes some variation, notably in the form of government exemptions.</li> </ul> <h2><strong><span data-preserver-spaces="true">Reduce Complexity and Risk With a Compliance Platform </span></strong></h2> <p>This post covered some of the major laws that have had recent updates. That excludes many smaller laws that simply haven’t been updated recently and details of the above regulations that would be too deep in the weeds for a blog post. And still, this post is well over 5,000 words long!<br><br>For businesses that know they only need to comply with one law and have no intentions of expanding to other jurisdictions, it might be possible to handle compliance in-house. It will take time, resources, and effort, but it’s feasible. Once your business becomes subject to multiple laws, a wholly homegrown approach to compliance quickly becomes overwhelmed by the complexity of different laws’ requirements. With complexity comes risk and a weakened revenue stream, whether through fines and penalties, diverted resources that could be spent on revenue generation, or the loss of consumer trust.<br><br>Whether subject to one law or multiple, businesses interested in protecting their revenue from risk invest in compliance platforms. The solutions in this category formalize the knowledge of privacy professionals through their capabilities and features, enabling privacy novices and empowering privacy professionals alike.<br><br>The Osano platform, for example, provides a means for businesses to ask for, record, and act on consumer consent, whether that’s the specific kind of <a href="/updates/osano-cmp-support-for-2023-us-privacy-laws" rel="noopener" target="_blank">consent required under the CPRA</a>, under the GDPR, or under any other privacy law. It also streamlines the process of accepting, managing, and acting on <a href="/articles/data-subject-access-requests-guide" rel="noopener">DSARs</a>. Osano’s proprietary database of <a href="/products/vendor-risk" rel="noopener">vendor privacy scores</a> also ensures you can build a vendor ecosystem that reduces risk and stay alert to emerging issues in your vendors’ privacy postures, such as recent lawsuits or privacy policy changes. The result is greater situational awareness of the state of data privacy in your business, your vendors’ business, and the market as a whole.</p></span> </div> </article> <a class="inline-btn" href="https://www.osano.com/request/demo"> <span> Schedule a demo of Osano today </span> <svg xmlns="http://www.w3.org/2000/svg" width="14" height="15" viewbox="0 0 14 15" fill="none"> <path d="M1.16667 7.51497H12.8333M12.8333 7.51497L7 1.68164M12.8333 7.51497L7 13.3483" stroke="#0E0416" stroke-width="1.66667" stroke-linecap="round" stroke-linejoin="round" /> </svg> </a> <div class="post-conversion-panel"> <div class="row align-items-center"> <div class="col-12 col-md-7"> <h3> U.S. State Laws Checklist </h3> <p> Gearing up for the new U.S. State privacy laws? Grab this checklist to help save some time. </p> <a class="inline-btn" href="https://www.osano.com/l/2023-privacy-laws-action-plan"> <span> Download Now </span> <svg xmlns="http://www.w3.org/2000/svg" width="14" height="15" viewbox="0 0 14 15" fill="none"> <path d="M1.16667 7.51497H12.8333M12.8333 7.51497L7 1.68164M12.8333 7.51497L7 13.3483" stroke="#0E0416" stroke-width="1.66667" stroke-linecap="round" stroke-linejoin="round" /> </svg> </a> </div> <div class="col-12 col-md-5 mt-4 mt-md-0"> <img src="https://www.osano.com/hs-fs/hubfs/Checklist-1.png?width=1024&height=512&name=Checklist-1.png" alt="Checklist-1" loading="lazy" width="1024" height="512" style="max-width: 100%; height: auto;" srcset="https://www.osano.com/hs-fs/hubfs/Checklist-1.png?width=512&height=256&name=Checklist-1.png 512w, https://www.osano.com/hs-fs/hubfs/Checklist-1.png?width=1024&height=512&name=Checklist-1.png 1024w, https://www.osano.com/hs-fs/hubfs/Checklist-1.png?width=1536&height=768&name=Checklist-1.png 1536w, https://www.osano.com/hs-fs/hubfs/Checklist-1.png?width=2048&height=1024&name=Checklist-1.png 2048w, https://www.osano.com/hs-fs/hubfs/Checklist-1.png?width=2560&height=1280&name=Checklist-1.png 2560w, https://www.osano.com/hs-fs/hubfs/Checklist-1.png?width=3072&height=1536&name=Checklist-1.png 3072w" sizes="(max-width: 1024px) 100vw, 1024px"> </div> </div> </div> <div class="post-author-biography"> <div class="row"> <div class="col-md-2 post-author-biography-avatar"> <img src="https://www.osano.com/hubfs/assets/avatars/Penny-250px.png"> <div class="d-md-none"> <h4> Osano Staff </h4> <p class="post-author-biography-position"> </p> </div> </div> <div class="col-md-10 author-biography-wrapper"> <div class="d-none d-md-block"> <h4> Osano Staff </h4> </div> <p class="post-author-biography-description"> Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet. </p> </div> </div> </div> <div class="post-share d-lg-none"> <h5> Share this article </h5> <ul> <li> <span class="d-flex align-items-center share-clipboard" id="copy-url-btn" data-url="https://www.osano.com/articles/data-privacy-laws"> <span class="tooltip-clipboard">Copy to clipboard</span> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none"> <path d="M10 13C10.4295 13.5742 10.9774 14.0492 11.6066 14.393C12.2358 14.7367 12.9315 14.9411 13.6467 14.9924C14.3618 15.0436 15.0796 14.9404 15.7514 14.6898C16.4231 14.4392 17.0331 14.0471 17.54 13.54L20.54 10.54C21.4508 9.59702 21.9548 8.334 21.9434 7.02302C21.932 5.71204 21.4062 4.45797 20.4791 3.53093C19.5521 2.60389 18.298 2.07805 16.987 2.06666C15.676 2.05526 14.413 2.55924 13.47 3.47003L11.75 5.18003M14 11C13.5706 10.4259 13.0227 9.95084 12.3935 9.60709C11.7643 9.26333 11.0685 9.05891 10.3534 9.00769C9.63822 8.95648 8.92043 9.05966 8.24867 9.31025C7.57691 9.56083 6.9669 9.95296 6.46002 10.46L3.46002 13.46C2.54923 14.403 2.04525 15.666 2.05665 16.977C2.06804 18.288 2.59388 19.5421 3.52092 20.4691C4.44796 21.3962 5.70203 21.922 7.01301 21.9334C8.32399 21.9448 9.58701 21.4408 10.53 20.53L12.24 18.82" stroke="#A8A0B1" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" /> </svg> </span> </li> <li> <a class="podcast-button-hover d-flex align-items-center podcast-share__btn" href="https://twitter.com/intent/tweet?url=https://www.osano.com/articles/data-privacy-laws" target="_blank" rel="noopener"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none"> <path d="M7.55016 21.75C16.6045 21.75 21.5583 14.2468 21.5583 7.74192C21.5583 7.53098 21.5536 7.31536 21.5442 7.10442C22.5079 6.40752 23.3395 5.54432 24 4.55536C23.1025 4.95466 22.1496 5.21544 21.1739 5.3288C22.2013 4.71297 22.9705 3.74553 23.3391 2.60583C22.3726 3.17862 21.3156 3.58267 20.2134 3.80067C19.4708 3.01162 18.489 2.48918 17.4197 2.31411C16.3504 2.13905 15.2532 2.32111 14.2977 2.83216C13.3423 3.3432 12.5818 4.15477 12.1338 5.14137C11.6859 6.12798 11.5754 7.23468 11.8195 8.29036C9.86249 8.19215 7.94794 7.68377 6.19998 6.79816C4.45203 5.91255 2.90969 4.6695 1.67297 3.14958C1.0444 4.2333 0.852057 5.51571 1.13503 6.73615C1.418 7.9566 2.15506 9.02351 3.19641 9.72005C2.41463 9.69523 1.64998 9.48474 0.965625 9.10598V9.16692C0.964925 10.3042 1.3581 11.4066 2.07831 12.2868C2.79852 13.167 3.80132 13.7706 4.91625 13.995C4.19206 14.1932 3.43198 14.2221 2.69484 14.0794C3.00945 15.0575 3.62157 15.913 4.44577 16.5264C5.26997 17.1398 6.26512 17.4807 7.29234 17.5013C5.54842 18.8712 3.39417 19.6142 1.17656 19.6107C0.783287 19.6101 0.390399 19.586 0 19.5385C2.25286 20.9838 4.87353 21.7514 7.55016 21.75Z" fill="#A8A0B1" /> </svg> </a> </li> <li> <a class="podcast-button-hover d-flex align-items-center podcast-share__btn podcast-share__btn--2" href="http://www.linkedin.com/shareArticle?mini=true&url=https://www.osano.com/articles/data-privacy-laws" target="_blank" rel="noopener"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none"> <g clip-path="url(#clip0_400_12823)"> <path d="M22.2234 0H1.77187C0.792187 0 0 0.773438 0 1.72969V22.2656C0 23.2219 0.792187 24 1.77187 24H22.2234C23.2031 24 24 23.2219 24 22.2703V1.72969C24 0.773438 23.2031 0 22.2234 0ZM7.12031 20.4516H3.55781V8.99531H7.12031V20.4516ZM5.33906 7.43438C4.19531 7.43438 3.27188 6.51094 3.27188 5.37187C3.27188 4.23281 4.19531 3.30937 5.33906 3.30937C6.47813 3.30937 7.40156 4.23281 7.40156 5.37187C7.40156 6.50625 6.47813 7.43438 5.33906 7.43438ZM20.4516 20.4516H16.8937V14.8828C16.8937 13.5562 16.8703 11.8453 15.0422 11.8453C13.1906 11.8453 12.9094 13.2937 12.9094 14.7891V20.4516H9.35625V8.99531H12.7687V10.5609H12.8156C13.2891 9.66094 14.4516 8.70938 16.1813 8.70938C19.7859 8.70938 20.4516 11.0813 20.4516 14.1656V20.4516Z" fill="#A8A0B1" /> </g> <defs> <clippath id="clip0_400_12823"> <rect width="24" height="24" fill="white" /> </clippath> </defs> </svg> </a> </li> </ul> </div> </div> </div> </div> <section class="latest-articles"> <div class="container"> <div class="row"> <div class="col-12 col-lg-8 latest-articles-header"> <h5 class="eyebrow form-hero"> Blog </h5> <h2> Check out some of our latest articles </h2> <p> Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance. </p> <div class="cta-wrapper mb-0 justify-content-start"> <a class="primary-btn" href="https://www.osano.com/articles"> <span> View All Blog Posts </span> </a> <a class="inline-btn" href="https://www.osano.com/resources"> <span> View All Resources </span> <svg xmlns="http://www.w3.org/2000/svg" width="14" height="14" viewbox="0 0 14 14" fill="none"> <path d="M1.16666 6.74984H12.8333M12.8333 6.74984L6.99999 0.916504M12.8333 6.74984L6.99999 12.5832" stroke="#0E0416" stroke-width="1.66667" stroke-linecap="round" stroke-linejoin="round" /> </svg> </a> </div> </div> </div> <div class="row latest-articles-row"> <div class="col-12 col-md-6 col-lg-4"> <div class="blog-related-posts__card"> <div class="blog-related-posts__image-wrapper"> <img src="https://www.osano.com/hubfs/post-summit%20blog.png" loading="lazy" alt="Two professionals discussing"> </div> <div class="blog-related-posts__content"> <h5 class="eyebrow form-hero "> Privacy Program Management </h5> <h3> It’s Time for Privacy Pros to Make a Strategic Shift </h3> <p class="mb-3"> The importance of effective data privacy can no longer be ignored. </p> <span class="inline-btn"> <span> Read Now </span> <svg xmlns="http://www.w3.org/2000/svg" width="14" height="15" viewbox="0 0 14 15" fill="none"> <path d="M1.16675 7.5H12.8334M12.8334 7.5L7.00008 1.66666M12.8334 7.5L7.00008 13.3333" stroke="#0E0416" stroke-width="1.66667" stroke-linecap="round" stroke-linejoin="round" /> </svg> </span> </div> <a class="mask-link" href="https://www.osano.com/articles/data-privacy-strategic-shift"></a> </div> </div> <div class="col-12 col-md-6 col-lg-4"> <div class="blog-related-posts__card"> <div class="blog-related-posts__image-wrapper"> <img src="https://www.osano.com/hubfs/Google%20Cookie%20Deprecation.png" loading="lazy" alt=""> </div> <div class="blog-related-posts__content"> <h5 class="eyebrow form-hero "> Cookie Consent </h5> <h3> Google’s Cookie Deprecation: What to Know About Chrome’s Data Collection </h3> <p class="mb-3"> If you’re feeling out of the loop about Chrome’s personal data collection, you’re... </p> <span class="inline-btn"> <span> Read Now </span> <svg xmlns="http://www.w3.org/2000/svg" width="14" height="15" viewbox="0 0 14 15" fill="none"> <path d="M1.16675 7.5H12.8334M12.8334 7.5L7.00008 1.66666M12.8334 7.5L7.00008 13.3333" stroke="#0E0416" stroke-width="1.66667" stroke-linecap="round" stroke-linejoin="round" /> </svg> </span> </div> <a class="mask-link" href="https://www.osano.com/articles/google-cookie-deprecation"></a> </div> </div> <div class="col-12 col-md-6 col-lg-4"> <div class="blog-related-posts__card"> <div class="blog-related-posts__image-wrapper"> <img src="https://www.osano.com/hubfs/Data%20Privacy%20v%20Security%20blog.png" loading="lazy" alt="Magnifying glass and lock graphic"> </div> <div class="blog-related-posts__content"> <h5 class="eyebrow form-hero "> Essentials </h5> <h3> Data Privacy and Security: What’s the Difference? </h3> <p class="mb-3"> Information has always been a form of currency in society—from buying favors to... </p> <span class="inline-btn"> <span> Read Now </span> <svg xmlns="http://www.w3.org/2000/svg" width="14" height="15" viewbox="0 0 14 15" fill="none"> <path d="M1.16675 7.5H12.8334M12.8334 7.5L7.00008 1.66666M12.8334 7.5L7.00008 13.3333" stroke="#0E0416" stroke-width="1.66667" stroke-linecap="round" stroke-linejoin="round" /> </svg> </span> </div> <a class="mask-link" href="https://www.osano.com/articles/data-privacy-and-security"></a> </div> </div> </div> </div> </section> <section class="conversion-panel "> <div class="conversion-panel-wrapper"> <div class="container"> <div class="col-12 col-xl-8 mx-xl-auto conversion-panel__header text-center px-0"> <h5 class="eyebrow form-hero"> </h5> <h2 class="conversion-panel__heading"> Simplify Data Privacy Compliance </h2> <p> With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today. </p> <div class="cta-wrapper mb-0 "> <a class="primary-btn btn-lg" href="https://www.osano.com/request/demo"> <span> Book a Demo </span> </a> <a class="secondary-btn btn-lg" href="https://www.osano.com/plans"> <span> Get Started </span> </a> </div> </div> </div> </div> </section> </div> <script type="text/javascript"> var classname = document.getElementsByClassName("share-clipboard"); var listenFunction = function() { const currentDom = this; currentDom.querySelector(".tooltip-clipboard").classList.add("tooltip-active"); setTimeout(function() { currentDom.querySelector(".tooltip-clipboard").classList.remove("tooltip-active"); }, 1000); }; for (var i = 0; i < classname.length; i++) { classname[i].addEventListener('click', listenFunction, false); } </script> <style> .share-clipboard { position: relative; } .tooltip-clipboard { position: absolute; top: -40px; border-radius: 6px; padding: 8px; background: #000; color: #fff; font-size: 12px; left: 0px; width: 110px; z-index: 2; transition: 200ms ease-in-out; opacity: 0; transform: translateY(10px); } .tooltip-clipboard:before { content: ''; width: 8px; height: 8px; transform: rotate(135deg); background: #000; position: absolute; bottom: -4px; left: 12px; } .tooltip-active { opacity: 1; transform: translateY(0px); } </style> </main> <div data-global-resource-path="Osano/templates/partials/footer.html"><div id="hs_cos_wrapper_module_16795059098115" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><footer class="footer"> <div class="container"> <div class="footer-desktop-grid"> <div class="footer-grid-wrapper"> <div class="footer-logo-wrapper"> <div class="footer-logo-container"> <a class="footer-logo-link" href="https://www.osano.com/"> <img class="footer-logo-image" src="https://www.osano.com/hubfs/assets/logos/header%20logo%20vector.svg" alt="header logo vector"> </a> </div> <p class="footer-logo-tagline intro">The Simple, All-in-One Data Privacy Platform</p> </div> <div class="footer-form-wrapper"> <h4 class="footer-form-heading text-lg semibold-weight">Subscribe to Osano news & insights</h4> <span id="hs_cos_wrapper_module_16795059098115_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_form" style="" data-hs-cos-general-type="widget" data-hs-cos-type="form"><h3 id="hs_cos_wrapper_form_339722574_title" class="hs_cos_wrapper form-title" data-hs-cos-general-type="widget_field" data-hs-cos-type="text"></h3> <div id="hs_form_target_form_339722574"></div> </span> </div> </div> <div class="footer-links-wrapper"> <div class="footer-grid"> <h4 class="footer-link-category text-md semibold-weight">Products</h4> <div class="footer-links-grid-container"> <a class="footer-link" href="https://www.osano.com/products"> The Osano Platform </a> <a class="footer-link" href="https://www.osano.com/cookieconsent"> Cookie Consent </a> <a class="footer-link" href="https://www.osano.com/products/unified-consent-preference-hub"> Unified Consent & Preference Hub </a> <a class="footer-link" href="https://www.osano.com/products/subject-rights"> Subject Rights Management </a> <a class="footer-link" href="https://www.osano.com/products/data-mapping"> Data Mapping </a> <a class="footer-link" href="https://www.osano.com/products/vendor-risk"> Vendor Management </a> <a class="footer-link" href="https://www.osano.com/products/privacy-assessments"> Assessments </a> <a class="footer-link" href="/features/privacy-templates"> Privacy Templates </a> <a class="footer-link" href="https://www.osano.com/features/gdpr-representative"> GDPR Representative </a> <a class="footer-link" href="https://www.osano.com/features/regulatory-guidance"> Regulatory Guidance </a> <a class="footer-link" href="https://www.osano.com/features/privacy-experts"> Consult Privacy Team </a> </div> </div> <div class="footer-grid"> <h4 class="footer-link-category text-md semibold-weight">Company</h4> <div class="footer-links-grid-container"> <a class="footer-link" href="https://www.osano.com/company/about"> About Us </a> <a class="footer-link" href="https://www.osano.com/company/careers"> Careers </a> <a class="footer-link" href="https://www.osano.com/company/contact"> Contact </a> <a class="footer-link" href="https://www.osano.com/pledge"> Our Pledge </a> <a class="footer-link" href="https://www.osano.com/pr"> Press & Media </a> <a class="footer-link" href="https://www.osano.com/company/data"> Data Licensing </a> <a class="footer-link" href="https://www.osano.com/company/partners-resellers"> Partners & Resellers </a> <a class="footer-link" href="https://www.osano.com/company/partners-resellers-gate" rel="nofollow"> Partner Resources </a> <a class="footer-link" href="https://shop.osano.com" target="_blank" rel="noopener"> Osano Swag Store </a> </div> </div> <div class="footer-grid"> <h4 class="footer-link-category text-md semibold-weight">Resources</h4> <div class="footer-links-grid-container"> <a class="footer-link" href="https://www.osano.com/articles"> Articles </a> <a class="footer-link" href="https://www.osano.com/podcast"> Podcast </a> <a class="footer-link" href="https://www.osano.com/customers"> Customer Stories </a> <a class="footer-link" href="https://www.osano.com/resources"> Resource Center </a> <a class="footer-link" href="https://www.osano.com/events"> Events </a> <a class="footer-link" href="https://www.osano.com/newsletter"> Newsletter </a> <a class="footer-link" href="https://www.osano.com/guide/privacy-program-maturity-model/introduction"> Privacy Program Maturity Model </a> <a class="footer-link" href="https://www.osano.com/faq"> FAQs </a> <a class="footer-link" href="https://www.osano.com/plans"> Plans & Pricing </a> <a class="footer-link" href="https://www.osano.com/request/demo"> Schedule a Demo </a> <a class="footer-link" href="https://www.osano.com/updates"> Product Updates </a> <a class="footer-link" href="https://docs.osano.com/"> Documentation </a> <a class="footer-link" href="https://developers.osano.com/" target="_blank" rel="noopener"> Developer Documentation </a> <a class="footer-link" href="https://status.osano.com/" target="_blank" rel="noopener"> System Status </a> <a class="footer-link" href="https://github.com/osano" target="_blank" rel="noopener"> Open Source </a> <a class="footer-link" href="/sitemap"> Sitemap </a> </div> </div> <div class="footer-grid"> <h4 class="footer-link-category text-md semibold-weight">Legal</h4> <div class="footer-links-grid-container"> <a class="footer-link" href="https://osano.trusthub.com/cookies"> Cookies </a> <a class="footer-link" href="https://osano.trusthub.com/dpa"> DPA </a> <a class="footer-link" href="https://osano.trusthub.com/gdpr"> GDPR </a> <a class="footer-link" href="https://osano.trusthub.com/privacy"> Privacy </a> <a class="footer-link" href="https://osano.trusthub.com/terms"> Terms </a> <a class="footer-link" href="https://www.osano.com/american-privacy-rights-act-apra"> APRA </a> </div> </div> </div> </div> <div class="footer-social-links-wrapper"> <div class="footer-social-links-container"> <a class="footer-social-link" href="https://twitter.com/Osano" data-icon="twitter" target="_blank" rel="noopener"> </a> <a class="footer-social-link" href="https://www.linkedin.com/company/osano/" data-icon="linkedin" target="_blank" rel="noopener"> </a> <a class="footer-social-link" href="https://www.facebook.com/osanoatx/" data-icon="facebook" target="_blank" rel="noopener"> </a> </div> <p class="footer-copyright-text text-md">© 2018 - 2024 · Osano, Inc., a Public Benefit Corp · Osano is a registered trademark of Osano, Inc. a Public Benefit Corporation · Nothing on the Osano website, platform, or services, nor any portion thereof constitutes actual legal or regulatory advice, opinion, or recommendation by Osano, Inc. a Public Benefit Corporation, Osano International Compliance Services LTD, or Osano UK Compliance LTD. If legal assistance is required, users should seek the services of an attorney.</p> </div> </div> </footer></div></div> </div>  <script defer src="/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js"></script> <script> var hsVars = hsVars || {}; hsVars['language'] = 'en'; </script> <script src="/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js"></script> <script src="https://www.osano.com/hs-fs/hub/4785246/hub_generated/template_assets/107540964238/1713300295805/Osano/js/main.min.js"></script> <script src="https://www.osano.com/hs-fs/hub/4785246/hub_generated/template_assets/110533867323/1724946162125/Osano/js/jquery.min.js"></script> <script src="https://www.osano.com/hs-fs/hub/4785246/hub_generated/module_assets/111415423003/1727864669119/module_111415423003_Header.min.js"></script> <script src="https://www.osano.com/hs-fs/hub/4785246/hub_generated/template_assets/110826992732/1713300295779/Osano/js/gsap.min.js"></script> <script src="https://www.osano.com/hs-fs/hub/4785246/hub_generated/template_assets/110825589668/1713300297127/Osano/js/ScrollTrigger.min.js"></script> <script src="https://www.osano.com/hs-fs/hub/4785246/hub_generated/module_assets/113269451948/1728404784535/module_113269451948_Hero_-_Blog_Detail.min.js"></script>  <script data-hs-allowed="true" src="/_hcms/forms/v2.js"></script> <script data-hs-allowed="true"> var options = { portalId: '4785246', formId: '162149ed-dd87-457a-9bc7-d18001586306', formInstanceId: '4905', pageId: '13785924636', region: 'na1', pageName: "Data Privacy Laws: What You Need to Know in 2024", inlineMessage: "Thanks for submitting the form.", rawInlineMessage: "Thanks for submitting the form.", hsFormKey: "a32e4ed46fa9fee91905d0b1b6e693a4", css: '', target: '#hs_form_target_form_75702019', contentType: "blog-post", formsBaseUrl: '/_hcms/forms/', formData: { cssClass: 'hs-form stacked hs-custom-form' } }; options.getExtraMetaDataBeforeSubmit = function() { var metadata = {}; if (hbspt.targetedContentMetadata) { var count = hbspt.targetedContentMetadata.length; var targetedContentData = []; for (var i = 0; i < count; i++) { var tc = hbspt.targetedContentMetadata[i]; if ( tc.length !== 3) { continue; } targetedContentData.push({ definitionId: tc[0], criterionId: tc[1], smartTypeId: tc[2] }); } metadata["targetedContentMetadata"] = JSON.stringify(targetedContentData); } return metadata; }; hbspt.forms.create(options); </script>  <script defer src="https://js.hubspot.com/web-interactives-embed.js" type="text/javascript" id="hubspot-web-interactives-loader" data-loader="hs-previewer" data-hsjs-portal="4785246" data-hsjs-env="prod" data-hsjs-hublet="na1"></script>  <script data-hs-allowed="true"> var options = { portalId: '4785246', formId: '162149ed-dd87-457a-9bc7-d18001586306', formInstanceId: '754', pageId: '13785924636', region: 'na1', pageName: "Data Privacy Laws: What You Need to Know in 2024", inlineMessage: "<p>Thanks for subscribing.<\/p>", rawInlineMessage: "<p>Thanks for subscribing.<\/p>", hsFormKey: "542600390307f16b117ef0aa90123969", css: '', target: '#hs_form_target_form_339722574', contentType: "blog-post", formsBaseUrl: '/_hcms/forms/', formData: { cssClass: 'hs-form stacked hs-custom-form' } }; options.getExtraMetaDataBeforeSubmit = function() { var metadata = {}; if (hbspt.targetedContentMetadata) { var count = hbspt.targetedContentMetadata.length; var targetedContentData = []; for (var i = 0; i < count; i++) { var tc = hbspt.targetedContentMetadata[i]; if ( tc.length !== 3) { continue; } targetedContentData.push({ definitionId: tc[0], criterionId: tc[1], smartTypeId: tc[2] }); } metadata["targetedContentMetadata"] = JSON.stringify(targetedContentData); } return metadata; }; hbspt.forms.create(options); </script>  <script type="text/javascript"> var _hsq = _hsq || []; _hsq.push(["setContentType", "blog-post"]); _hsq.push(["setCanonicalUrl", "https:\/\/www.osano.com\/articles\/data-privacy-laws"]); _hsq.push(["setPageId", "13785924636"]); _hsq.push(["setContentMetadata", { "contentPageId": 13785924636, "legacyPageId": "13785924636", "contentFolderId": null, "contentGroupId": 9895000587, "abTestId": null, "languageVariantId": 13785924636, "languageCode": "en", }]); </script> <script type="text/javascript"> var hbspt = hbspt || {}; (hbspt.targetedContentMetadata = hbspt.targetedContentMetadata || []).push(...[]); var _hsq = _hsq || []; _hsq.push(["setTargetedContentMetadata", hbspt.targetedContentMetadata]); </script> <script type="text/javascript" id="hs-script-loader" async defer src="/hs/scriptloader/4785246.js?businessUnitId=0"></script>  <script type="text/javascript"> var hsVars = { render_id: "79d809cc-d8e4-4853-9c0d-8caa0cc32b14", ticks: 1732784407140, page_id: 13785924636, content_group_id: 9895000587, portal_id: 4785246, app_hs_base_url: "https://app.hubspot.com", cp_hs_base_url: "https://cp.hubspot.com", language: "en", analytics_page_type: "blog-post", scp_content_type: "", analytics_page_id: "13785924636", category_id: 3, folder_id: 0, is_hubspot_user: false } </script> <script defer src="/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js"></script> <script> const targetNodeHelloBar = document.body; const configHelloBar = { attributes: true, childList: true, subtree: false }; const isHelloBar = function(n){ if( typeof n.classList === "object" && n.classList.length > 0 && n.classList.contains("leadinModal") && n.classList.contains("leadinModal-theme-top") && n.classList.contains("leadinModal-formless") ){ return true; } } const callbackHelloBar = function(mutationsList, observer) { mutationsList.forEach((mutation) => { if (mutation.type === 'childList') { if(typeof mutation.addedNodes === "object" && mutation.addedNodes.length >= 1){ mutation.addedNodes.forEach((n) => { if(isHelloBar(n)){ if(typeof document.getElementsByTagName("header")[0] !== "undefined"){ document.getElementsByTagName("header")[0].style.top = String(n.offsetHeight) + "px"; } } }); } else if(typeof mutation.removedNodes === "object" && mutation.removedNodes.length >= 1){ mutation.removedNodes.forEach((n) => { if(isHelloBar(n)){ if(typeof document.getElementsByTagName("header")[0] !== "undefined"){ document.getElementsByTagName("header")[0].style.top = "0px"; } } }); } } }); }; const observerHelloBar = new MutationObserver(callbackHelloBar); observerHelloBar.observe(targetNodeHelloBar, configHelloBar); /* site search form itercept */ document.querySelectorAll('form.search-form').forEach(e => { e.addEventListener('submit', function (event) { event.preventDefault(); let searchTerm = event.target.querySelector('input.searchInput').value; let searchScopeSelect = event.target.querySelector('select.searchScope'); let searchResultURL = "/search?term=" + searchTerm; let searchTail = "&utm_campaign=siteSearch&utm_source=internal&utm_medium=search&utm_term=" + searchTerm; if (searchScopeSelect != null && searchScopeSelect.options[searchScopeSelect.selectedIndex].value.length > 0) { searchResultURL += "&searchScope=" + searchScopeSelect.options[searchScopeSelect.selectedIndex].value; searchTail += "&utm_content=" + searchScopeSelect.options[searchScopeSelect.selectedIndex].value; } else { searchTail += "&utm_content=all"; } _hsq.push([ 'trackCustomBehavioralEvent', { name: "pe4785246_www_search", properties: { hs_search_term: searchTerm }, }, ]); window.location.href = searchResultURL + searchTail; return false; }); }); document.querySelectorAll('a.js-toggle-search').forEach(e => { e.onclick = function(){ let searchBar = document.getElementById('searchBar'); if(typeof searchBar != null){ searchBar.classList.toggle('faded'); } } }); function bindToSalesChat(){ window.HubSpotConversations.on('conversationStarted', payload => { console.log("Sales Chat triggered"); _hsq.push([ 'trackCustomBehavioralEvent', { name: "pe4785246_chatted_with_sales" }, ]); }); } if (window.HubSpotConversations) { bindToSalesChat(); } else { window.hsConversationsOnReady = [ () => { bindToSalesChat(); }, ]; } setTimeout(function(){ console.log(" ___ ___ ___ ___ ___ \n| . |_ -| .'| | . | \n|___|___|__,|_|_|___|\n\n"); console.log('Love to code? Like 💰?\n'); console.log('Head over to https://www.osano.com/company/careers\n\n'); console.log('Curious about our 🍪?\n'); console.log('Until you\'ve consented only cookies allowed by default in your country are loaded.'); }, 3000); </script> <script async src="https://www.googletagmanager.com/gtag/js?id=AW-739694307"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'AW-739694307'); </script> <script type="text/javascript"> _linkedin_partner_id = "1118170"; window._linkedin_data_partner_ids = window._linkedin_data_partner_ids || []; window._linkedin_data_partner_ids.push(_linkedin_partner_id); </script> <script src="https://snap.licdn.com/li.lms-analytics/insight.min.js" async></script> <script> window[(function(_Rl5,_MG){var _L7='';for(var _EG=0;_EG<_Rl5.length;_EG++){var _Bl=_Rl5[_EG].charCodeAt();_Bl-=_MG;_L7==_L7;_Bl+=61;_Bl%=94;_Bl+=33;_MG>8;_Bl!=_EG;_L7+=String.fromCharCode(_Bl)}return _L7})(atob('JnN6Pjs2MS9AdTFF'), 42)] = '94c50db2c91682437427';var zi = document.createElement('script');(zi.type = 'text/javascript'),(zi.async = true),(zi.src = (function(_XnW,_PB){var _5x='';for(var _rb=0;_rb<_XnW.length;_rb++){_vf!=_rb;var _vf=_XnW[_rb].charCodeAt();_vf-=_PB;_vf+=61;_PB>3;_vf%=94;_5x==_5x;_vf+=33;_5x+=String.fromCharCode(_vf)}return _5x})(atob('eScnIyZLQEB7Jj8tej4mdCV6IycmP3QifkAtej4ncng/eyY='), 17)),document.readyState === 'complete'?document.body.appendChild(zi):window.addEventListener('load', function(){document.body.appendChild(zi)});</script> </body></html>

CINXE.COM

Data Privacy Laws: What You Need to Know in 2024 | Osano