At Termageddon we’ve have created a privacy bill tracker that will help you better understand what bills are being proposed and how they may affect your business. The privacy bill tracker discloses all bills that have been proposed by lawmakers around the world states that could affect Privacy Policy disclosures and business obligations. We do not include bills that have become law, nor bills that are dead.
Here is a list of the laws that require you to have a Privacy Policy that affect how that Privacy Policy is written.
This list changes frequently, so be sure to check back to see the latest in privacy.
Table of Contents
U.S. Federal Bill Tracker (3 bills)
United States
–
Introduced: 2022-06-21
American Data Privacy and Protection Act
The Act imposes a baseline duty on all covered entities not to unnecessarily collect or use covered data in the first instance, regardless of any consent or transparency requirements. Specifically, covered entities are prohibited from collecting, processing, or transferring covered data beyond what is reasonably necessary, proportionate, and limited to provide specific products and services requested by individuals, communicate with individuals in a manner they reasonably anticipate given the context of their relationship with the covered entity, or for a purpose expressly permitted by the Act.
Does law require Privacy Policy Changes?: Yes
More Details:
Overrides state laws
Enforced by the FTC
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Introduced: 2023-11-15
DATA Privacy Act (US S 3337)
To establish national data privacy standards in the United States, and for other purposes.
Does law require Privacy Policy Changes?: Yes
More Details:
Overrides state laws
Enforced by the FTC
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Introduced: 2024-04-09
American Privacy Rights Act
To establish protections for covered data of individuals, and for other purposes.
Does law require Privacy Policy Changes?: Yes
More Details:
Overrides state laws
Enforced by the FTC
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
U.S. State Bill Tracker (31 bills)
United States
–
Georgia
Introduced: 2023-03-23
GA – Georgia House Bill 798 (HB798)
A BILL FOR AN ACT ENTITLED: “AN ACT ESTABLISHING THE CONSUMER DATA PRIVACY ACT; PROVIDING DEFINITIONS; ESTABLISHING APPLICABILITY; PROVIDING FOR CONSUMER RIGHTS TO PERSONAL DATA; ESTABLISHING REQUIREMENTS AND LIMITATIONS FOR A CONTROLLER OF PERSONAL DATA; ESTABLISHING REQUIREMENTS AND LIMITATIONS FOR A PROCESSOR OF PERSONAL DATA; PROVIDING FOR DATA PROTECTION ASSESSMENTS; PROVIDING EXEMPTIONS AND COMPLIANCE REQUIREMENTS; PROVIDING FOR ENFORCEMENT; AND PROVIDING A DELAYED EFFECTIVE DATE.”
Does law require Privacy Policy Changes?: No
More Details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Georgia
Introduced: 2023-02-09
GA – Georgia House Bill 798 (S 473)
A BILL to be entitled an Act to amend Title 10 of the O.C.G.A., relating to commerce and trade, so as to enact the “Georgia Consumer Privacy Protection Act”; to protect the privacy of consumer personal data in this state; to provide for definitions; to provide for related matters; to repeal conflicting laws; and for other purposes.
Does law require Privacy Policy Changes?: Yes
More Details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Hawaii
Introduced: 2023-01-27
HI – Consumer Data Protection Act (SB1110/HB1497)
Establishes a framework to regulate controllers and processors with access to personal consumer data. Establishes that a violation of the consumer data privacy act constitutes an unfair method of competition and unfair and deceptive acts or practices in the conduct of any trade of commerce. Authorizes a person injured by a violation of the personal consumer data act to bring a civil action against a controller or processor.
Does law require Privacy Policy Changes?: Yes
More Details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Hawaii
Effective Date: 2023-07-01
HI – Consumer Data Protection Act (SB 974)
Establishes a framework to regulate controllers and processors with access to personal consumer data. Establishes penalties. Establishes a new consumer privacy special fund. Appropriates moneys.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Hawaii
Effective Date: 2024-01-24
HI – Consumer Data Protection Act (S 3018)
Establishes a framework to regulate controllers and processors with access to personal consumer data. Establishes penalties. Establishes a new consumer privacy special fund. Declares that the general fund expenditure ceiling is exceeded. Makes an appropriation.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Illinois
Introduced: 2023-03-10
IL – Illinois Data Privacy and Protection Act (HB3385)
Creates the Illinois Data Privacy and Protection Act. Provides that a covered entity (any entity or any person, other than an individual acting in a non-commercial context, that alone or jointly with others determines the purposes and means of collecting, processing, or transferring covered data) may not collect, process, or transfer covered data unless the collection, processing, or transfer is limited to what is reasonably necessary and proportionate. Provides that a covered entity and a service provider shall establish, implement, and maintain reasonable policies, practices, and procedures concerning the collection, processing, and transferring of covered data. Contains provisions concerning retaliation; transparency; individual data rights; consent; data protection for children and minors; civil rights; data security; small business protections; executive responsibility; service providers and third parties; enforcement; severability; and rulemaking. Effective 180 days after becoming law.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Illinois
Introduced: 2024-02-09
IL – Illinois Data Privacy and Protection Act (HB3385)
Creates the Privacy Rights Act. Sets forth duties and obligations of businesses that collected consumers’ personal information and sensitive personal information to keep such information private. Sets forth consumer rights in relation to the collected personal information and sensitive personal information, including the right to: delete personal information; correct inaccurate personal information; know what personal information is sold or shared and to whom; opt out of the sale or sharing of personal information; limit use and disclosure of sensitive personal information; and no retaliation for exercising any rights. Sets forth enforcement provisions. Creates the Consumer Privacy Fund. Allows the Attorney General to create rules to implement the Act. Establishes the Privacy Protection Agency. Includes provisions regarding remedies and fines for violations of the Act. Makes a conforming change in the State Finance Act.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Kentucky
Introduced: 2022-01-18
KY – Consumer Data Privacy (S15)
Create new sections of KRS Chapter 367 to establish consumer rights relating to personal data, including the rights to confirm whether data is being processed, to delete personal data provided by the consumer, to obtain a copy of the consumer’s personal data that was previously provided, and to opt out of targeted advertising and the sale of data; create definitions for terms; require that persons controlling data establish an appeal process by which a consumer may appeal the controller’s refusal to take action with respect to a request to exercise a right set forth in this Act; set forth the types of data and the persons or entities to which the provisions of the Act apply and do not apply; set forth requirements for persons or entities that control and process consumer data; require persons who control data to conduct data protection impact assessments; establish that the Attorney General has exclusive authority to enforce, with the exception of a private right of action by which consumers can seek injunctive relief for specific violations; create a consumer privacy fund in the state treasury to be administered by the State Treasurer; amend KRS 367.240 to conform; EFFECTIVE January 1, 2024.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Kentucky
Introduced: 2024-01-02
KY – Consumer Data Privacy (HB24)
Creates new sections of KRS Chapter 367 to establish consumer rights relating to personal data, including the rights to confirm whether data is being processed, to delete personal data provided by the consumer, to obtain a copy of the consumer’s personal data that was previously provided, and to opt out of targeted advertising and the sale of data; define terms; set forth the types of data and the persons or entities to which the statutory provisions do and do not apply; set forth requirements for persons or entities that control and process consumer data; establish that the Attorney General has exclusive authority to enforce the consumer data privacy rights; create a consumer privacy fund in the State Treasury to be administered by the Office of the Attorney General; EFFECTIVE January 1, 2026.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Louisiana
Introduced: 2024-04-03
LA – Louisiana Consumer Privacy Act (HB947)
Provides information relative to the protection of data by certain persons and entities.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Maryland
Introduced: 2024-01-24
MD – Maryland Online Data Privacy Act of 2024 (HB 567 /SB 541)
Establishing generally the manner in which a controller or a processor may process a consumer’s personal data; authorizing a consumer to exercise certain rights in regards to the consumer’s personal data; requiring a controller of personal data to establish a method for a consumer to exercise certain rights in regards to the consumer’s personal data; etc.
Does law require Privacy Policy Changes?: Yes
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Prohibits discrimination
Imposes fiduciary duty
Right to be forgotten
United States
–
Massachusetts
Introduced: 2023-02-16
MA – Massachusetts Data Privacy Protection Act (HD2281/SD 745)
By Representatives Vargas of Haverhill and Rogers of Cambridge, a petition (accompanied by bill, House, No. 83) of Andres X. Vargas, David M. Rogers and Carmine Lawrence Gentile for legislation to establish the Massachusetts data privacy protection act. Advanced Information Technology, the Internet and Cybersecurity.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Massachusetts
Introduced: 2023-02-16
MA – Massachusetts Information Privacy and Security Act (HD3263/SD1971)
By Representative Carey of Easthampton, a petition (accompanied by bill, House, No. 60) of Daniel R. Carey and Mindy Domb relative to the security and the protection of personal information by establishing the Massachusetts information privacy and security act. Advanced Information Technology, the Internet and Cybersecurity.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Massachusetts
Introduced: 2023-02-16
MA – Internet Bill of Rights (HD3245)
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Michigan
Introduced: 2023-11-09
MI – Michigan Personal Data Privacy Act (SB659)
Consumer protection: privacy; personal data privacy act.
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Prohibits discrimination
Imposes fiduciary duty
Right to be forgotten
United States
–
Minnesota
Introduced: 2023-01-30
MN – Consumer Data Privacy (SB950)
Consumer’s consent prior to collecting personal information requirement.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Minnesota
Introduced: 2024-02-26
MN – Minnesota Consumer Data Privacy Act (HB2309)
Rights given to consumers regarding personal data, obligations placed on businesses regarding consumer data, and enforcement by attorney general provided.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Nebraska
Introduced: 2024-01-16
NE – Data Privacy Act (LB 1294)
Adopt the Data Privacy Act, change provisions relating to certain certificates and information relating to vital records, and provide for certain records to be exempt from public disclosure.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
New York
Introduced: 2023-01-19
NY – Digital Fairness Act (S2277)
Enacts the “digital fairness act”; requires any entity that conducts business in New York and maintains the personal information of 500 or more individuals to provide meaningful notice about their use of personal information; establishes unlawful discriminatory practices relating to targeted advertising.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
New York
Introduced: 2023-01-04
NY – New York Privacy Act (SB365)
Enacts the New York privacy act to require companies to disclose their methods of de-identifying personal information, to place special safeguards around data sharing and to allow consumers to obtain the names of all entities with whom their information is shared.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
New York
Introduced: 2023-01-30
NY – Consumer Right to Request Disclosure of Information (SB3162)
Grants a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of third parties with which the information is shared.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
New York
Introduced: 2023-02-14
NY – Personal Information Collection (AB4374)
Grants a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of third parties with which the information is shared.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
North Carolina
Introduced: 2023-04-03
NC – North Carolina Consumer Privacy Act (SB525)
Consumer Privacy Act
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Oklahoma
Introduced: 2023-03-29
OK – Oklahoma Computer Data Privacy Act (HB 1030)
Data privacy; Oklahoma Computer Data Privacy Act; consumer protection; civil penalties; effective date.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Pennsylvania
Introduced: 2023-03-27
PA – Consumer Data Protection Act (HB708)
An Act providing for protection of certain personal data of consumers; imposing duties on controllers and processors of personal data of consumers; providing for enforcement; prescribing penalties; and establishing the Consumer Privacy Fund.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Pennsylvania
Introduced: 2023-05-19
PA – Consumer Data Privacy Act (HB1201)
An Act providing for consumer data privacy, for duties of controllers and for duties of processors; and imposing penalties.
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Pennsylvania
Introduced: 2024-01-09
PA – Consumer Data Privacy Act (HB1947)
An Act providing for consumer data privacy, for rights of consumers and duties of businesses relating to the collection of personal information and for duties of the Attorney General.
Does law require Privacy Policy Changes?: Yes
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Vermont
Introduced: 2023-01-26
VT – HB121
An act relating to enhancing consumer privacy
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Vermont
Introduced: 2024-01-17
VT – SB 269
An act relating to enhancing consumer privacy
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
Washington
Introduced: 2023-01-26
WA – People’s Privacy Act (HB 1616)
Creating a charter of people’s personal data rights.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United States
–
West Virginia
Introduced: 2024-01-25
WV – Consumer Data Protection Act (HB 5112)
The purpose of this bill is to protect consumer data privacy by establishing a consumer right to request copy of personal data collected; establishing a consumer right to have personal information deleted or corrected; establishing a consumer right to request personal data sold or shared; establishing a consumer right to opt-out of the sale or sharing of personal information to third parties; prohibiting discrimination against consumers who exercise their right under this article; establishing procedures for requests for personal information under this article; establish a form to opt-out of sale or sharing of personal information; creating a private cause of action; empowering the West Virginia Division of Consumer Protection to establish rules under this article for enforcement; and empowering the West Virginia Division of Consumer Protection to bring suit for violation of this article.
Does law require Privacy Policy Changes?: Yes
More details:
Business size limit
Consumers can sue
Right to access data
Right to delete data
Right to correct data
Right to restrict processing
Right to opt-out
Opt-in consent required
Right to portability
Against automated decision making
Imposes fiduciary duty
Prohibits discrimination
Right to be forgotten
United Kingdom Privacy Bill Tracker (1 Bill)
United Kingdom
Introduced: 2022-23
United Kingdom Data Protection and Digital Information Bill
A Bill to make provision for the regulation of the processing of information relating to identified or identifiable living individuals; to make provision about services consisting of the use of information to ascertain and verify facts about individuals; to make provision about access to customer data and business data; to make provision about privacy and electronic communications; to make provision about services for the provision of electronic signatures, electronic seals and other trust services; to make provision about the disclosure of information to improve public service delivery; to make provision for the implementation of agreements on sharing information for law enforcement purposes; to make provision about the keeping and maintenance of registers of births and deaths; to make provision about information standards for health and social care; to establish the Information Commission; to make provision about oversight of biometric data; and for connected purposes.
Details:
- Amends definition of “personal data”
- Clarifies “legitimate interests”
- Reduces need for cookie consent banners;
- Amends automated decision-making requirements;
- Removes the requirement for UK representatives;
- Removes requirement to appoint a Data Protection Officer;
- Provides the Information Commissioner’s Office with additional enforcement powers;
- Increases fines for nuisance calls;
- Requires new disclosures to be added to Privacy Policies.
Canada Privacy Bill Tracker (1 Bill)
Canada
Introduced: 2023-03-23
Canada Bill C-27
An Act to enact the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act and to make consequential and related amendments to other Acts
Details:
- Requires companies to implement and maintain a privacy management program
- Grants the Privacy Commissioner ability to impose fines
- Increases fine amounts for violations
- Includes a private right of action, allowing consumers to sue businesses directly for privacy violations
- Includes right of portability
- Includes right of deletion
- Requires new disclosures to be added to Privacy Policies
- Regulates automated decision-making systems
- Includes a “legitimate interest” exception to consent requirements
Australia Privacy Bill Tracker (1 Bill)
Australia
Introduced: 2023-03-23
Australia Privacy Act 1988 reform
The proposed reforms are aimed at strengthening the protection of personal information and the control individuals have over their information. Stronger privacy protections would support digital innovation and enhance Australia’s reputation as a trusted trading partner.
Details:
- Expands definition of “personal information”
- Removes small business exemption
- Requires new disclosures to be added to Privacy Policies
- Provides right to withdraw consent
- Expands right to access
- Includes right to object to the collection, use or disclosure of personal information
- Expands the right of correction
- Includes right to delete
- Includes right to de-index online search results containing certain personal information
- Includes right to opt out of targeted advertising
- Introduces concepts of processor and controller
- Expands scrutiny of transfers of data outside of Australia
- Includes lower and mid-tier civil penalty provisions
Please note that this chart does not include bills that are dead nor does it include bills that do not deal with the subject matter that pertains to our customers. For example, a bill has been proposed that deals with facial recognition. We have not included this bill in our tracker since it’s not relevant to our customers.
As the proposed bills are always changing, make sure to check this post often to keep up to date! Or don’t if you’re a Termageddon customer, because we’ll update your policies automatically for you when the bills become law. So you can leave all the tracking and privacy-bill-reading up to us by using our Privacy Policy Generator.
