Search
 
 

Practices

 

Search

FILTERS

  • Please search to find attorneys
Close Btn

Alerts

05/18/2023

The Landmark Year For State Privacy Laws Continues: Montana, Texas, And Florida Make Advancements

The year 2023 continues to make waves in the realm of data privacy law in the United States, as several more states make strides in advancing bills that would establish comprehensive privacy laws. Delve into the latest developments surrounding these crucial bills:

Montana

Montana’s SB 384, titled the “Consumer Data Privacy Act” was sent to the Governor on May 11th, but the bill has not yet been signed by Governor Greg Gianforte. Given the bill’s universal support in both legislative chambers, its enactment is a near certainty.

The bill most closely resembles the Virginia Consumer Data Protection Act, the Connecticut Data Privacy Act, and the Colorado Privacy Act, and would enter into force on July 1, 2023, with respect to its provisions concerning (i) applicability, (ii) exemptions, (iii) consumer rights, (iv) appointing an authorized agent, and (v) limitations on data processing by controllers. The remainder of the bill would come into force on July 1, 2025. These dates are changed from the bill’s originally intended effective date of October 1, 2024.

Texas

Texas recently passed HB 4, also known as the “Texas Data Privacy and Security Act” through both state legislative chambers, where the bill has been sent to the desk of Governor Greg Abbott for his signature. Given the bill’s veto-proof support in both chambers, the enactment of HB 4 is nearly certain.

The bill closely resembles Montana’s SB 384, though provides the Texas Attorney General with certain powers to shape Texas privacy law in the future, including by providing more definition to consumer rights, outlining the responsibilities of entities that fall under the law, and providing for online-based mechanisms for submitting consumer complaints.

If signed, the Texas Data Privacy and Security Act will go into effect on September 1, 2023.

Florida

In Florida, SB 262 recently was passed by both legislative chambers and is heading to Governor Ron DeSantis’ desk for his signature. The bill enjoys near unanimous support, almost ensuring its passage into law. If signed, the law would come into effect on July 1, 2024.

The bill most closely resembles the Utah Consumer Privacy Act, with some key differences. Most notable among these differences is the definition of “controller” being limited to legal entities that make in excess of $1 billion in global gross annual revenues and satisfy one of the following criteria: (1) derives 50% or more of its global gross annual revenues from the sale of online advertisements, (2) operates a consumer smart speaker and voice command component service with an integrated virtual assistant connected to a cloud computing service that uses hands-free verbal activation, or (3) operates an app store or a digital distribution platform that offers at least 250,000 different software applications. These requirements are markedly different from the criteria in most other comprehensive state privacy laws and largely serve to make the scope of application narrower.

The Privacy and Cybersecurity team at McGrath North specializes in assisting clients in navigating the intricate web of US privacy regulations. We encourage you to contact our team to discuss the proactive measures your organization can adopt now, in order to effectively adapt to the dynamic US privacy landscape of tomorrow.