January 4, 2023

Starting this week, data-related tech companies will face one of their greatest fears: a collection of state-level laws dictating how they collect, store, and share consumer data, rather than a federal law.

The tech companies argue that inconsistent state privacy laws place an undue burden on businesses by requiring them to set up different protocols for users in different states. Regardless, businesses in Virginia and California are about to begin complying with a new set of data protection laws.

Virginia’s industry-backed privacy law went into effect on January 1, giving consumers the right to access, correct, and delete the data that businesses collect about them, as well as the ability to opt out of data collection entirely.

While the California Privacy Rights Act, which requires businesses to provide consumers with a privacy notice explaining the type of data collected and the purposes behind the collection, also went into effect, changes to the 2018 California Consumer Privacy Act will be implemented following a 2020 ballot initiative. Colorado, Connecticut, and Utah all have bills in the works that are set to go into effect this year.

One of the most important takeaways from each state’s law is that only California allows residents to sue companies for data collection violations. Other states allow their attorney general’s offices to levy fines ranging from $5,000 to $20,000 per violation. Furthermore, when compared to California, Virginia, and Colorado, Utah’s standards will apply to fewer businesses.

The sources for this piece include an article in Axios.