(1) Has annual gross revenues > $25 mil;
(2) Annually buys, sells, or shares private data of fifty,000 or extra customers or households; or
(3) Derives 50% or extra annual revenues from promoting private data
Person conducts enterprise in VA or produces services or products focused to VA residents and:
(1) Processes private knowledge of 100,000 or extra customers throughout a calendar 12 months; or
(2) Derives income or receives a reduction on items or providers from the sale of non-public knowledge, and processes private knowledge of 25,000 or extra customers
Controller conducts enterprise in CO or produces services or products focused to CO residents and:
(1) Processes private knowledge of 100,000 or extra customers throughout a calendar 12 months; or
(2) Derives income or receives a reduction on items or providers from the sale of non-public knowledge, and processes private knowledge of 25,000 or extra customers
Person conducts enterprise in CT or produces services or products focused to CT residents and through previous calendar 12 months:
(1) Controlled or processed private knowledge of 100,000 or extra customers, excluding private knowledge managed or processed solely for the aim of finishing a cost transaction; or
(2) managed or processed private knowledge of 25,000 or extra customers and derived > 25% of gross income from the sale of non-public knowledge
(1) has annual income of $25,000,000 or extra; and
(2) Controls or processes private knowledge of 100,000 or extra customers or derives > 50% of gross income from the sale of non-public knowledge and
controls or processes private knowledge of 25,000 or extra customers
- Mental/bodily well being situation or analysis
- Genetic/biometric data
Personal data pertaining to kids isn’t outlined as “sensitive,” however parental consent is required for the “sale” of non-public data pertaining to kids beneath 13, and teenagers beneath 16 should opt-in to a “sale” of their private data
X
Personal knowledge pertaining to kids isn’t outlined as “sensitive,” however controllers should adjust to COPPA
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Personal data pertaining to kids isn’t outlined as “sensitive,” however parental consent is required for the “sale” of non-public data pertaining to kids beneath 13, and teenagers beneath 16 should opt-in to a “sale” of their private data
X
No, however proper to restrict use and disclosure of delicate private data
Consent required to course of delicate knowledge, and consent from guardian or guardian required to course of delicate knowledge pertaining to a baby
Consent required to course of delicate knowledge, and consent from guardian or guardian required to course of delicate knowledge pertaining to a baby
Consent required to course of delicate knowledge, and consent from guardian or guardian required to course of delicate knowledge pertaining to a baby (defers to COPPA)
Consent required to course of private knowledge for focused promoting or promote private knowledge if Controller has precise information, and willfully disregards, that the buyer is 13-16 years of age
X
Controller should present client with discover and proper to opt-out of knowledge assortment
Children’s knowledge isn’t outlined as “sensitive,” however controllers should adjust to COPPA
- Disclosure of non-public knowledge to a processor
- Disclosure of non-public knowledge to a 3rd celebration to supply a services or products requested by a client
- Disclosure or switch of non-public knowledge to an affiliate
- Disclosure of non-public knowledge as a part of a merger, acquisition, chapter, or comparable transaction
- Disclosure of non-public knowledge at client’s route or deliberately by client
- Disclosure of non-public knowledge to a processor
- Disclosure of non-public knowledge to a 3rd celebration to supply a services or products requested by a client
- Disclosure or switch of non-public knowledge to an affiliate
- Disclosure of non-public knowledge as a part of a merger, acquisition, chapter, or comparable transaction
- Disclosure of non-public knowledge at client’s route or deliberately by client
- Disclosure of non-public knowledge to a processor
- Disclosure of non-public knowledge to a 3rd celebration to supply a services or products requested by a client
- Disclosure or switch of non-public knowledge to an affiliate
- Disclosure of non-public knowledge as a part of a merger, acquisition, chapter, or comparable transaction
- Disclosure of non-public knowledge at client’s route or deliberately by client
- Disclosure of non-public knowledge to a processor
- Disclosure of non-public knowledge to a 3rd celebration to supply a services or products requested by a client or a guardian/guardian on behalf of a kid
- Disclosure or switch of non-public knowledge to an affiliate
- Disclosure of non-public knowledge as a part of a merger, acquisition, chapter, or comparable transaction
- Disclosure of non-public knowledge at client’s route or deliberately by client
Right to know classes, particular items of non-public data collected, and classes of sources and events with whom data is shared
Business should present at the least two strategies for making requests, together with toll-free quantity
Business should present at the least two strategies for making requests, together with toll-free quantity
X
Business should present at the least two strategies for making correction requests, together with toll-free quantity
X
- Opt-in consent for customers beneath 16
- Parental consent for customers beneath 13
- Provide at the least two strategies for requests
- Websites should embrace hyperlink to “Do Not Sell My Personal Information” web page
Right to opt-out of sale or sharing of non-public data
Websites should embrace “Limit the Use of My Sensitive Personal Information” hyperlink along with “Do Not Sell or Share My Personal Information” hyperlink
Right to opt-out of sale of non-public knowledge, focused promoting, and profiling
Contemplates a user-selected common opt-out mechanism efficient 7/1/2024
Right to opt-out of processing private knowledge for focused promoting, the sale of non-public knowledge, or profiling
Methods employed to permit customers to train their rights should embrace a web site hyperlink to a web page that permits a client or agent to opt-out of focused promoting or a sale of non-public knowledge
No later than 1/1/2025, Controllers should enable customers to opt-out of focused promoting or a sale of non-public knowledge via an opt-out choice sign despatched, with a client’s consent, by a platform, know-how, or mechanism indicating the intent to opt-out
Data must be offered in a format simply comprehensible to the common client, and to the extent technically possible, in a structured, generally used, machine-readable format
Opt-Out Requests: Respond inside 15 enterprise days
X
X
Agent can invoke proper to opt-out of a sale, focused promoting, or profiling
X
X
Parental consent isn’t required for the gathering of non-public data from kids, however parental consent is required for the “sale” of non-public data pertaining to kids beneath 13, and teenagers beneath 16 should opt-in to a “sale” of their private data
Defers to COPPA
Defers to COPPA
Requires contracts between Businesses and Service Providers
New outlined time period of “Contractor” and new necessities for contracts between Businesses and Contractors
Requires contracts between Controllers and Processors
Requires contracts between Controllers and Processors
Requires contracts between Controllers and Processors
Requires contracts between Controllers and Processors
At least 24 months
X
X
X
X
X
X
Only within the occasion of a safety breach that compromises “personal information” (as that time period is outlined in a separate California knowledge breach notification regulation)
Extends CCPA non-public proper of motion to breach of a username and password that allows entry to an account