In the United States, new data privacy laws will take effect in the second half of 2024 – in Florida, Texas, Oregon and Montana . Companies that operate in these states or have customers in these states will need to review their data privacy practices to ensure compliance with the new data privacy laws.
To make this process easier for you, in this article we will first explain where to find the US-specific privacy settings in your dashboard for the laws already in force in the US states of Colorado, Utah, Connecticut, California, Virginia and Washington . In the second part, we will discuss the new data protection laws that will come into force in the future and the main requirements they bring with them.
How to find the US privacy settings in the consentmanager CMP dashboard
Follow these simple steps to adjust your website’s compliance settings to U.S. data protection laws:
- Log in to your CMP dashboard at https://app.consentmanager.net
- Navigate to the “CMPs” section and select “Legal”.
- Scroll down to find the US Privacy Settings section where you will find configurations for:
- California Consumer Privacy Act (CCPA)
- Colorado Privacy Act (CPA)
- Connecticut Act Concerning Personal Data Privacy (CAPDP)
- Florida Digital Bill of Rights (FDBR)
- Montana Consumer Data Privacy Act (MTCDPA)
- Oregon Consumer Data Privacy Act (OCDPA)
- Texas Data Privacy and Security Act (TDPSA)
- Utah Consumer Privacy Act (UCPA)
- Virginia Consumer Data Protection Act (VCDPA)
- Washington My Health My Data Act (WADA)
It’s that easy! Now simply click on the US law you wish to activate.
Advanced options with layer logic for your cookie banner
Our CMP dashboard doesn’t just allow you to comply with the law; it also provides sophisticated options to tailor how your website interacts with visitors concerning their data privacy preferences. Here are the five layer logic options available in your dashboard, allowing you to control what your visitors see and how they interact with privacy settings on your site:
- Ask for Opt-in (show notification): This setting actively asks visitors to give their consent before non-essential cookies are used.
- Allow Opt-in (no notification): This means that users have the option to refuse non-essential cookies, but they will not be informed of this possibility through a pop-up or banner when they first visit the website.
- Ask for Opt-out (show notification): This option informs the visitor about the use of cookies and offers them the opportunity to reject them.
- Allow Opt-out (no notification): Users have the option to refuse non-essential cookies, but they are not explicitly informed of this option through a proactive pop-up or banner when they first visit the website.
- Do not allow Opt-in or Opt-out: Please note that no banner will be displayed here. This is typically used for websites that only use necessary cookies that are required for the website to operate.
What are the benefits of applying layer logic for your business?
Each US state has its own specific requirements, some more stringent than others and which may vary from one another. This makes it all the more important that you have the ability to customize your layer logic to meet both the specific legal requirements and your company’s business preferences. While complying with privacy regulations, you can also run A/B tests to determine the most effective settings that will be accepted by your various US audiences. By skillfully managing these settings, you can improve your consent collection strategies and ultimately maximize your consent rates.
US privacy laws that will come into force in 2024
The following data protection laws will come into force in 2024. If your company operates in one of the states listed or your customers are located there, you should be prepared for additional data protection requirements:
Florida Digital Bill of Rights (FDBR) – Effective July 1, 2024
The Florida Digital Bill of Rights (FDBR) was signed on June 6, 2023, and will take effect on July 1, 2024. The law primarily applies to large companies with gross annual revenues of more than $1 billion, with certain thresholds applying to companies that are heavily involved in digital advertising or operate large digital platforms. The FDBR provides broad opt-out rights for data collection through voice and facial recognition technologies, sets strict restrictions on the collection of surveillance data without active user consent, and requires clear notices for the sale of sensitive and biometric data . In addition, the law provides special protections for children’s data and prohibits authorities from moderating social media content, with certain exceptions.
Texas Data Privacy and Security Act (TDPSA) – Effective July 1, 2024
The TDPSA establishes a similar framework to the GDPR for companies that operate in Texas or provide services to Texas residents. The law requires clear privacy notices and data protection impact assessments for high-risk processing activities . Consumers are also granted strong rights, such as the right to access, rectify and delete their data, as well as the right to object to data sharing and targeted advertising. In particular, the TDPSA prescribes strict guidelines for the handling of anonymized and pseudonymized data to ensure that even information that is not directly identifiable is handled carefully. The Texas Attorney General is solely responsible for enforcing the law.
Oregon Consumer Data Privacy Act (OCDPA) – Effective July 1, 2024
The OCDPA applies to businesses that operate in Oregon or do business with Oregon residents. The law also applies to nonprofits and sets certain thresholds for data controllers and data processors. It highlights the need for comprehensive privacy notices and risk assessments for activities that pose a material threat to consumer privacy. The OCDPA gives consumers the right to access, correct, and delete their data, as well as opt out of the sale of personal information and targeted advertising. Explicit consent is required for the processing of sensitive data. In addition, anonymized data is exempt from personal information protections under this law. Enforcement is handled by the Oregon Attorney General, who can impose civil penalties for violations.
Montana Consumer Data Privacy Act (MTCDPA) – Effective October 1, 2024
The MTCDPA applies to companies that do business with residents of the state of Montana or conduct business in Montana. The MTCDPA sets thresholds based on the amount of personal data processed and the revenue generated from the sale of that data. The law grants consumers the right to access, change and delete their data, as well as to opt out of the sale or use of their data for profiling and targeted advertising. Data controllers are required to limit data collection, secure the data collected, and at the same time ensure transparency about their data protection practices. Data processors are tasked with assisting controllers in meeting these requirements.
Each of these laws will force companies to review and possibly revise their current data protection practices. As the respective deadlines approach, consentmanager users can access their dashboards at any time to activate compliance with the following laws.
Register your website now and be ready when new data protection laws come into force.
