By: Erin Gray

 

As technological devices continue to develop and have increased access to user data, consumers are persistently more concerned with their data being mishandled.  A Deloitte survey in 2022 found that 67% of smartphone users and 62% of smart home users are anxious about their data security and privacy.  Specifically, location tracking is a major issue for consumers, as more than six in ten respondents are worried about their movement or behavior being tracked.  These fears are certainly not unfounded.  This same survey quoted that “2021 set a record for total data breaches, and the incidents in 2022 affected an even greater number of people.”  Despite this heightened fear, consumers still don’t fully understand how businesses are collecting their private information and sharing it with others.  Just as these advanced technologies make individuals more connected, businesses can now gather and share increasing amounts of data with one another.

 

With the implementation of the European Union’s General Data Protection Regulation and California’s Consumer Privacy Act, consumers are becoming hyperaware of the risks to their personal data.  Consequently, consumers are demanding that state and federal legislatures create legislation that gives them the “ability to exercise their privacy rights[.]”  Moreover, an increasing number of Americans view the right to privacy as a human right.  In response to this, some state legislators have been slowly rolling out comprehensive privacy laws.

 

The first comprehensive state privacy law enacted was the California Consumer Privacy Act (“CCPA”) in January of 2020.  The CCPA gives consumers increased control over their personal data and articulates guidance on how organizations should implement the law.  This landmark legislation outlined four new privacy rights for California consumers: (1) the right to know; (2) the right to opt-out; (3) the right to non-discrimination; and (4) the right to delete.  States have used this legislation as inspiration for their privacy legislation.  California implemented other groundbreaking legislation such as the California Privacy Rights Act (CPRA) and the creation of the California Privacy Protection Agency (CPPA).  Virginia was next to enact legislation known as Virginia’s Consumer Data Protection Act in January of 2023.  Similar to the California law, this law provides Virginia residents with certain rights over their personal data that is collected by businesses.  Subsequently, Colorado, Connecticut and Utah followed behind with legislation within 2023.  As of today, fourteen out of the fifty states within the United States have passed comprehensive privacy legislation.  The most recent legislation was passed in New Jersey.

 

The New Jersey Data Protection Act, like many privacy laws before it, regulates entities and individuals conducting business in New Jersey or offering products or services to residents within New Jersey.  This Act broadens what is defined as sensitive personal information by including consumer financial information and other elements.  However, unlike other privacy laws, this Act “excludes contact data or personal data associated with employees residing in New Jersey.”  Moreover, this law stands out from other privacy laws in several ways.  Firstly, the law differs in its scope, specifically there is no specified percentage requirement in terms of revenue that lowers the coverage threshold.  Secondly, the Act includes a very broad definition of biometric data and a distinct requirement for a general notice if using pixels, cookies, or other tracking technology.  Finally, New Jersey expands the use of Universal Opt-Out Mechanisms (UOOMs) by including profiling activities, advertising and data sales.

 

The potential capability of technology feels almost unlimited, especially considering the recent development artificial intelligence across a multitude of industries.  Users of said technology reap a multitude of benefits as it allows us to be more connected to one another and make daily life more efficient.  However, we cannot ignore the pressing privacy concerns over the massive amounts of data that we will continue to produce.  States across the country are finally understanding the importance of said protection and have initiated the process of enacting privacy legislation.  About sixteen states are currently working within their legislative bodies to produce an act that protects their constituents from the dangers of data consumption and sharing.  Despite this improvement, Americans should also be concerned regarding the lack of adequate data protection regulations at the federal level.  With increased usage of new technology, such as artificial intelligence, the federal government has an obligation to work as the states are and implement legislation that can adequately protect our privacy interests.

Student Bio: Erin Gray is a second-year law student at Suffolk University Law School. She is a staff writer for the Journal of High Technology Law. Due to her passion for technology law, Erin is also on the Executive Board of two student organizations, the Data Privacy & Cybersecurity Law Association and the Legal Innovation & Technology Student Association.

 

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.