Delaware enacts wide data privacy law without consumer right to sue
A new consumer data privacy enacted in Delaware applies to wider range of businesses than similar laws in other states, but critics say a legal technicality makes it toothless.
StateScoop reports that House Bill 154 gives customers the legal right to know what businesses are doing with their personal data, including biometrics. They can ask businesses to delete it, and opt out of schemes that use their data for targeted advertising. But the law does not allow them to bring civil action for individual complaints.
Instead of providing what is called a private right of action, the Delaware Personal Data Privacy Act will see cases adjudicated by the state’s justice department, which will issue notices to companies in violation, giving them 60 days to achieve compliance.
In other states, disagreement over whether enabling a private right to action helps or hinders in making a law enforceable has been a political torpedo. In 2021, Florida legislators failed to reach an agreement on proposed consumer-data privacy regulations, with private right to action being the main sticking point. Washington state lawmakers have tried and failed three times to pass data privacy legislation providing an individual right to bring civil action.
Meanwhile, Illinois’ lodestone 2008 Biometric Information Privacy Act (BIPA), considered by many to be the gold standard for biometric data privacy legislation, does include a private right of action. BIPA has been the basis for settlements in other states, including the major suit brought against the controversial facial recognition firm, Clearview AI.
That potential snag notwithstanding, Delaware’s new law means that any businesses in Delaware that “control or process the personal data of at least 35,000 customers” will be subject to its provisions.
Concerned entities, however, have time to strategize on a response. The new law will take effect on January 1, 2025. An outreach campaign is scheduled to start six months ahead of that.
Related Posts
Article Topics
biometric data | biometric identifiers | data privacy | data protection | Delaware | legislation
Comments