t’s been a busy legislative season for consumer data privacy. Six states have passed legislation empowering consumers with control over their data, effectively doubling the number of states with such laws. Okay, so only 11 out of 50 states have passed such laws, it’s still progress.
Of the six states, one stands out: Oregon. On June 22, 2023, the Oregon state legislature passed Oregon Consumer Privacy Act (OCPA) (SB 619). It is the eleventh state in the US to do so and the sixth this year. The Oregon Consumer Privacy Act (OCPA) is notable because it’s the strongest bill passed to date.
With the exception of California, all other US privacy regulations are modeled on the Washington Privacy Act, which was drafted by the Washington State Senate Ways & Means Committee. This bill is limited to companies (data controllers to be exact) that “control or process personal data of 100,000 consumers or more; or derive over 50 percent of gross revenue from the sale of personal data; and processes or controls personal data of twenty-five thousand consumers or more.” For many people, the WPA lacks teeth.
Unique to OCPA
OCPA differs from most other State privacy laws in a few ways. First, it requires opt-in consent for Oregonians aged 13 to 15.
If signed by the Governor, the law would protect sensitive data that goes above and beyond other privacy laws. First, it requires all data controllers to obtain consent before collecting sensitive data. And it expands the definition of sensitive data to cover such things as national origin, status as transgender or nonbinary, and whether or not the consumer has been the victim of crime.
Additionally, it would broaden the definition of biometric data to include any data used to identify a resident, not just data collected or used for identification. In other words, scraping social media platforms for consumer photos will be illegal in Oregon if this bill passes.
Civil Penalties on Employees for Violations…
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
