At Termageddon, we keep track of these bills for you and automatically update your Privacy Policies when needed. We have created a privacy bill tracker that will help you better understand the proposed bills and how they may affect your business. The privacy bill tracker discloses all bills that have been proposed by lawmakers around the world states that could affect Privacy Policy disclosures and business obligations. We do not include bills that have become law, nor bills that are dead. Here is a list of the laws that require you to have a Privacy Policy that affect how that Privacy Policy is written.
This list changes frequently, so be sure to check back to see the latest in privacy.
Table of Contents
U.S. Federal Bill Tracker (1 bill)
United States
–
Introduced: 2022-06-21
American Data Privacy and Protection Act
The Act imposes a baseline duty on all covered entities not to unnecessarily collect or use covered data in the first instance, regardless of any consent or transparency requirements. Specifically, covered entities are prohibited from collecting, processing, or transferring covered data beyond what is reasonably necessary, proportionate, and limited to provide specific products and services requested by individuals, communicate with individuals in a manner they reasonably anticipate given the context of their relationship with the covered entity, or for a purpose expressly permitted by the Act.
Does law require Privacy Policy Changes?: Yes
More Details:
Overrides state laws
Enforced by the FTC
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
U.S. State Bill Tracker (31 bills)
United States
–
Delaware
Introduced: 2023-05-12
DE – Delaware Personal Data Privacy Act (HB154)
An Act To Amend Title 6 Of The Delaware Code Relating To Personal Data Privacy And Consumer Protection.
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Georgia
Introduced: 2023-03-23
GA – Georgia House Bill 798 (HB798)
A BILL FOR AN ACT ENTITLED: “AN ACT ESTABLISHING THE CONSUMER DATA PRIVACY ACT; PROVIDING DEFINITIONS; ESTABLISHING APPLICABILITY; PROVIDING FOR CONSUMER RIGHTS TO PERSONAL DATA; ESTABLISHING REQUIREMENTS AND LIMITATIONS FOR A CONTROLLER OF PERSONAL DATA; ESTABLISHING REQUIREMENTS AND LIMITATIONS FOR A PROCESSOR OF PERSONAL DATA; PROVIDING FOR DATA PROTECTION ASSESSMENTS; PROVIDING EXEMPTIONS AND COMPLIANCE REQUIREMENTS; PROVIDING FOR ENFORCEMENT; AND PROVIDING A DELAYED EFFECTIVE DATE.”
Does law require Privacy Policy Changes?: No
More Details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Hawaii
Introduced: 2023-01-27
HI – Consumer Data Protection Act (SB1110/HB1497)
Establishes a framework to regulate controllers and processors with access to personal consumer data. Establishes that a violation of the consumer data privacy act constitutes an unfair method of competition and unfair and deceptive acts or practices in the conduct of any trade of commerce. Authorizes a person injured by a violation of the personal consumer data act to bring a civil action against a controller or processor.
Does law require Privacy Policy Changes?: Yes
More Details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Hawaii
Effective Date: 2023-07-01
HI – Consumer Data Protection Act (SB 974)
Establishes a framework to regulate controllers and processors with access to personal consumer data. Establishes penalties. Establishes a new consumer privacy special fund. Appropriates moneys.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Illinois
Introduced: 2023-03-10
IL – Illinois Data Privacy and Protection Act (HB3385)
Creates the Illinois Data Privacy and Protection Act. Provides that a covered entity (any entity or any person, other than an individual acting in a non-commercial context, that alone or jointly with others determines the purposes and means of collecting, processing, or transferring covered data) may not collect, process, or transfer covered data unless the collection, processing, or transfer is limited to what is reasonably necessary and proportionate. Provides that a covered entity and a service provider shall establish, implement, and maintain reasonable policies, practices, and procedures concerning the collection, processing, and transferring of covered data. Contains provisions concerning retaliation; transparency; individual data rights; consent; data protection for children and minors; civil rights; data security; small business protections; executive responsibility; service providers and third parties; enforcement; severability; and rulemaking. Effective 180 days after becoming law.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Indiana
Introduced: 2023-01-19
IN – House Bill 1554
Consumer data protection. Establishes in the Indiana Code a new article concerning consumer data protection, to take effect January 1, 2024. Sets forth the following within the new article: (1) Definitions of terms that apply throughout the article. (2) Exemptions for certain: (A) persons; and (B) types of information and data; from the bill’s requirements concerning the personal data of Indiana consumers (consumers). (3) The rights of a consumer with respect to personal data relating to the consumer. (4) The responsibilities of controllers of consumers’ personal data (controllers). (5) The roles of: (A) controllers; and (B) processors of consumers’ personal data (processors); with respect to a consumer’s personal data. (6) Requirements for data protection assessments by controllers. (7) Requirements for processing de-identified data or pseudonymous data. (8) Limitations as to the scope of the new article. (9) The establishment, maintenance, and publication by the attorney general’s consumer protection division of a quarterly listing of electronic mail addresses of consumers who request that their personal data not be sold. (10) Requirements for brokers of consumers’ personal information (data brokers) to: (A) provide notification of security breaches; and (B) register annually with the attorney general. (11) The authority of the attorney general to investigate and enforce suspected or actual violations of the new article. (12) The establishment of the consumer privacy account within the state general fund to support the work of the attorney general in enforcing the new article. (13) The authority of the attorney general to: (A) to adopt rules to administer the new article; and (B) issue opinion letters and interpretive guidance to develop an operational framework for persons subject to the new article. (14) The preemption of local rules, regulation, and laws regarding the processing of personal data.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Iowa
Introduced: 2022-03-15
IA – House File 2506
A bill for an act relating to consumer data protection, providing civil penalties, and including effective date provisions. (Formerly HSB 674.)
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Iowa
Introduced: 2023-02-20
IA – House Study Bill 12
A bill for an act relating to consumer data protection, providing civil penalties, and including effective date provisions.(See HF 346.)
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Kentucky
Introduced: 2022-01-18
KY – Consumer Data Privacy (S15)
Create new sections of KRS Chapter 367 to establish consumer rights relating to personal data, including the rights to confirm whether data is being processed, to delete personal data provided by the consumer, to obtain a copy of the consumer’s personal data that was previously provided, and to opt out of targeted advertising and the sale of data; create definitions for terms; require that persons controlling data establish an appeal process by which a consumer may appeal the controller’s refusal to take action with respect to a request to exercise a right set forth in this Act; set forth the types of data and the persons or entities to which the provisions of the Act apply and do not apply; set forth requirements for persons or entities that control and process consumer data; require persons who control data to conduct data protection impact assessments; establish that the Attorney General has exclusive authority to enforce, with the exception of a private right of action by which consumers can seek injunctive relief for specific violations; create a consumer privacy fund in the state treasury to be administered by the State Treasurer; amend KRS 367.240 to conform; EFFECTIVE January 1, 2024.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Louisiana
Introduced: 2023-04-10
LA – Louisiana Consumer Privacy Act (SB199)
Provides relative to the protection of data.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Maine
Introduced: 2023-05-18
Introduced: 2023-05-18
ME – Maine Consumer Privacy Act (SB807)
This bill enacts the Maine Consumer Privacy Act to entitle consumers to certain rights concerning the use of personal data.
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Maine
Introduced: 2023-05-22
ME – Data Privacy and Protection Act (HB1270)
An Act to Create the Data Privacy and Protection Act
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Prohibits discrimination
Imposes fiduciary duty
Right to be forgotten
United States
–
Maryland
Introduced: 2023-02-08
MD – Online and Biometric Data Privacy Act (HB807)
Establishing generally the manner in which a controller or a processor may process a consumer’s personal data; authorizing a consumer to exercise certain rights in regards to the consumer’s personal data; requiring a controller of personal data to establish a method for a consumer to exercise certain rights in regards to the consumer’s personal data; regulating the use of biometric data by a controller; etc.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Massachusetts
Introduced: 2023-02-16
MA – Massachusetts Data Privacy Protection Act (HD2281/SD 745)
By Representatives Vargas of Haverhill and Rogers of Cambridge, a petition (accompanied by bill, House, No. 83) of Andres X. Vargas, David M. Rogers and Carmine Lawrence Gentile for legislation to establish the Massachusetts data privacy protection act. Advanced Information Technology, the Internet and Cybersecurity.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Massachusetts
Introduced: 2023-02-16
MA – Massachusetts Information Privacy and Security Act (HD3263/SD1971)
By Representative Carey of Easthampton, a petition (accompanied by bill, House, No. 60) of Daniel R. Carey and Mindy Domb relative to the security and the protection of personal information by establishing the Massachusetts information privacy and security act. Advanced Information Technology, the Internet and Cybersecurity.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Mississippi
Introduced: 2023-01-31
MS – Consumer Data Privacy Act (SB 2080)
An Act To Create The “mississippi Consumer Data Privacy Act”; To Authorize Consumers To Request That Businesses Disclose Certain Information; To Authorize Consumers To Request That Businesses Delete Personal Information Collected By Businesses; To Require Businesses To Disclose Certain Information To Consumers, To Inform Consumers Of Their Right To Request That Personal Information Be Deleted, And To Delete Personal Information Collected About Consumers Upon Request; To Authorize Consumers To Instruct Businesses To Not Sell The Consumers’ Personal Information; To Authorize Consumers To Bring Civil Actions Against Businesses That Violate This Act; To Authorize The Attorney General To Bring Civil Actions Against Businesses That Violate This Act; To Require The Attorney General To Adopt Regulations To Further The Purposes Of This Act; And For Related Purposes.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Minnesota
Introduced: 2023-01-30
MN – Consumer Data Privacy (SB950)
Consumer’s consent prior to collecting personal information requirement.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
New Hampshire
Introduced: 2023-04-11
NH – Expectation of Privacy (SB 255)
This bill creates a new chapter detailing a consumer expectation of privacy.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
New York
Introduced: 2023-01-19
NY – Digital Fairness Act (S2277)
Enacts the “digital fairness act”; requires any entity that conducts business in New York and maintains the personal information of 500 or more individuals to provide meaningful notice about their use of personal information; establishes unlawful discriminatory practices relating to targeted advertising.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
New York
Introduced: 2023-01-04
NY – New York Privacy Act (SB365)
Enacts the New York privacy act to require companies to disclose their methods of de-identifying personal information, to place special safeguards around data sharing and to allow consumers to obtain the names of all entities with whom their information is shared.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
New York
Introduced: 2023-01-30
NY – Consumer Right to Request Disclosure of Information (SB3162)
Grants a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of third parties with which the information is shared.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
New York
Introduced: 2023-02-14
NY – Personal Information Collection (AB4374)
Grants a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of third parties with which the information is shared.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
New Jersey
Introduced: 2023-02-06
NJ – Online Personally Identifiable Information Disclosure (S 332)
Requires commercial Internet websites and online services to notify consumers of collection and disclosure of personally identifiable information and allows consumers to opt out.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
New Jersey
Introduced: 2022
NJ – New Jersey Disclosure and Accountability Transparency Act (A505)
“New Jersey Disclosure and Accountability Transparency Act (NJ DaTA)”; establishes certain requirements for disclosure and processing of personally identifiable information; establishes Office of Data Protection and Responsible Use in Division of Consumer Affairs.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
New Jersey
Introduced: 2022-01-11
NJ – Commercial Internet Websites Consumer Information (A 1971)
Requires commercial Internet websites and online services to notify consumers of collection and disclosure of personally identifiable information and allows consumers to opt out.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
North Carolina
Introduced: 2023-04-03
NC – North Carolina Consumer Privacy Act (SB525)
Consumer Privacy Act
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Oklahoma
Introduced: 2023-03-29
OK – Oklahoma Computer Data Privacy Act (HB 1030)
Data privacy; Oklahoma Computer Data Privacy Act; consumer protection; civil penalties; effective date.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Texas
Introduced: 2023-05-15
TX – Texas Data Privacy and Security Act (HB4)
Relating to the regulation of the collection, use, processing, and treatment of consumers’ personal data by certain business entities; imposing a civil penalty.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Pennsylvania
Introduced: 2023-03-27
PA – Consumer Data Protection Act (HB708)
An Act providing for protection of certain personal data of consumers; imposing duties on controllers and processors of personal data of consumers; providing for enforcement; prescribing penalties; and establishing the Consumer Privacy Fund.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Pennsylvania
Introduced: 2023-05-19
PA – Consumer Data Privacy Act (HB1201)
An Act providing for consumer data privacy, for duties of controllers and for duties of processors; and imposing penalties.
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Washington
Introduced: 2023-01-26
WA – People’s Privacy Act (HB 1616)
Creating a charter of people’s personal data rights.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
West Virginia
Introduced: 2023-02-14
WV – Consumer Data Protection Act (HB3453)
Does law require Privacy Policy Changes?: Yes
More details:
The purpose of this bill is to protect consumer data privacy by establishing a consumer right to request copy of personal data collected; establishing a consumer right to have personal information deleted or corrected; establishing a consumer right to request personal data sold or shared; establishing a consumer right to opt-out of the sale or sharing of personal information to third parties; prohibiting discrimination against consumers who exercise their right under this article; establishing procedures for requests for personal information under this article; establish a form to opt-out of sale or sharing of personal information; creating a private cause of action; empowering the West Virginia Division of Consumer Protection to establish rules under this article for enforcement; and empowering the West Virginia Division of Consumer Protection to bring suit for violation of this article.
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Vermont
Introduced: 2023-01-26
VT – HB121
An act relating to enhancing consumer privacy
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United Kingdom Privacy Bill Tracker (1 Bill)
United Kingdom
Introduced: 2022-23
United Kingdom Data Protection and Digital Information Bill
A Bill to make provision for the regulation of the processing of information relating to identified or identifiable living individuals; to make provision about services consisting of the use of information to ascertain and verify facts about individuals; to make provision about access to customer data and business data; to make provision about privacy and electronic communications; to make provision about services for the provision of electronic signatures, electronic seals and other trust services; to make provision about the disclosure of information to improve public service delivery; to make provision for the implementation of agreements on sharing information for law enforcement purposes; to make provision about the keeping and maintenance of registers of births and deaths; to make provision about information standards for health and social care; to establish the Information Commission; to make provision about oversight of biometric data; and for connected purposes.
Details:
- Amends definition of “personal data”
- Clarifies “legitimate interests”
- Reduces need for cookie consent banners;
- Amends automated decision-making requirements;
- Removes the requirement for UK representatives;
- Removes requirement to appoint a Data Protection Officer;
- Provides the Information Commissioner’s Office with additional enforcement powers;
- Increases fines for nuisance calls;
- Requires new disclosures to be added to Privacy Policies.
Canada Privacy Bill Tracker (1 Bill)
Canada
Introduced: 2023-03-23
Canada Bill C-27
An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts
Details:
- Requires companies to implement and maintain a privacy management program
- Grants the Privacy Commissioner ability to impose fines
- Increases fine amounts for violations
- Includes a private right of action, allowing consumers to sue businesses directly for privacy violations
- Includes right of portability
- Includes right of deletion
- Requires new disclosures to be added to Privacy Policies
- Regulates automated decision-making systems
- Includes a “legitimate interest” exception to consent requirements
Australia Privacy Bill Tracker (1 Bill)
Australia
Introduced: 2023-03-23
Australia Privacy Act 1988 reform
The proposed reforms are aimed at strengthening the protection of personal information and the control individuals have over their information. Stronger privacy protections would support digital innovation and enhance Australia’s reputation as a trusted trading partner.
Details:
- Expands definition of “personal information”
- Removes small business exemption
- Requires new disclosures to be added to Privacy Policies
- Provides right to withdraw consent
- Expands right to access
- Includes right to object to the collection, use or disclosure of personal information
- Expands the right of correction
- Includes right to delete
- Includes right to de-index online search results containing certain personal information
- Includes right to opt out of targeted advertising
- Introduces concepts of processor and controller
- Expands scrutiny of transfers of data outside of Australia
- Includes lower and mid-tier civil penalty provisions
Please note that this chart does not include bills that are dead nor does it include bills that do not deal with the subject matter that pertains to our customers. For example, a bill has been proposed that deals with facial recognition. We have not included this bill in our tracker since it’s not relevant to our customers.
As the proposed bills are always changing, make sure to check this post often to keep up to date! Or don’t if you’re a Termageddon partner, because we’ll update your policies automatically for you when the bills become law. So you can leave all the tracking and privacy-bill-reading up to us.