New Jersey Makes History with First Comprehensive Consumer Privacy Law
In a groundbreaking move, New Jersey has become the first state to enact a comprehensive consumer privacy law in 2024. The New Jersey Data Privacy Act, set to take effect on January 15, 2025, sets a new standard for data protection in the United States.
The law, inspired by similar state consumer privacy laws, stands out with its broader scope of applicability. It applies not only to large corporations but also to small businesses, nonprofits, and educational institutions. This inclusivity ensures that a wide range of organizations are held accountable for protecting consumer data.
One of the key features of the New Jersey law is its focus on sensitive data, including a potentially broad definition of financial information as sensitive data. This heightened protection for sensitive information sets a new precedent for data privacy legislation.
Additionally, the law includes child-focused privacy provisions, classifying personal data of children under 13 as sensitive data and imposing strict consent requirements for processing the data of children under 17 for targeted advertising or profiling purposes.
Controllers and processors are required to comply with the law, with obligations ranging from providing clear privacy notices to implementing data protection assessments. Processors must assist controllers in meeting their obligations and ensure confidentiality and security of personal data.
Consumers are granted a range of rights under the law, including the right to know what data is being processed, access to their data, correction of inaccuracies, deletion of data, and the ability to opt out of certain data processing activities.
Enforcement of the law will be carried out by the New Jersey Attorney General through civil actions and injunctive relief, with penalties of up to $10,000 for initial violations and up to $20,000 for subsequent violations. While there is no private right of action, the law provides a 30-day cure period for violations.
Overall, the New Jersey Data Privacy Act sets a new standard for data protection in the United States, with a focus on inclusivity, sensitive data protection, and consumer rights. Companies operating in New Jersey will need to ensure compliance with the law to avoid penalties and protect consumer data.