
As we usher in a new year, significant changes are on the horizon for privacy regulations across several states.
Beginning January 1, 2025, Delaware, Iowa, Nebraska, and New Hampshire will roll out their new privacy laws.
Following closely, New Jersey’s statute will take effect on January 15, 2025.
By mid-2025, states like Tennessee, Minnesota, and Maryland will join the trend with their own privacy laws scheduled to launch on July 1, July 31, and October 1, respectively.
With this expanding patchwork of state regulations, it is crucial for businesses to revisit their current privacy strategies to pinpoint and rectify any deficiencies in their compliance frameworks.
Amendments to the Colorado Privacy Act Announced by the Attorney General
In Colorado, the Attorney General has announced upcoming amendments to the Colorado Privacy Act (CPA), which will come into play starting January 30, 2025.
These changes are geared towards enhancing the protection of biometric data and the online activities of minors.
Under the revised law, companies will need to establish and maintain a formal policy regarding biometric data and implement adequate security measures to protect this sensitive information.
Additionally, businesses must inform individuals about data collection practices, secure consent from employees for processing biometric data, and uphold an individual’s rights to access their own data.
The rules surrounding minors are also getting stricter, as organizations will be required to obtain explicit consent before implementing features significantly affecting the online experience of known minors.
Lastly, organization-wide Data Protection Assessments will need to be updated to reflect any increased risks associated with handling minors’ data.
Businesses already governed by the CPA must take note of their newfound obligations concerning employee biometric data, which was previously exempt from these regulations.
California Adjusts Penalties and Fines under CCPA
The California Privacy Protection Agency (CPPA), responsible for enforcing the California Consumer Privacy Act (CCPA), recently revealed adjustments to fines and thresholds tied to changes in the Consumer Price Index.
These updates occur in January of every odd-numbered year.
As a result, the monetary threshold for the CCPA now stands at $26,625,000.
Additionally, the range for damages awarded per consumer incident has shifted from between $100 and $750 to between $107 and $799.
Moreover, penalties for civil violations have been increased: the penalty per violation under the CCPA has risen from $2,500 to $2,663, and the fine for intentional violations has increased from $7,500 to $7,988.
These revised amounts became effective as of January 1, 2025.
CPPA Advocates for Browser Opt-Out Feature Legislation
In a recent move, the CPPA has endorsed a legislative initiative designed to streamline the opt-out process for California residents who wish to prevent the sale of their personal information or its use for cross-context behavioral advertising.
This follows last year’s veto of similar legislation by Governor Newsom.
The new proposal would require browser developers to provide functionality that allows users to easily exercise their opt-out rights through preference signals.
Under the CCPA, businesses would be obligated to honor these signals as legitimate opt-out requests, giving consumers a hassle-free way to communicate their preferences without the need to repeatedly interact with each online provider.
Should this proposal gain approval, California would lead the way in requiring browser vendors to enable these important user options.
Notably, six other states—Colorado, Connecticut, Delaware, Montana, Oregon, and Texas—currently require businesses to acknowledge browser privacy signals as official opt-out requests.
Source: Natlawreview