In this article

Sign up for our newsletter

Share this article

Hello all, and happy Thursday!  

A year ago, I might have said that U.S. states were slowly but surely adopting data privacy legislation. Today, I’d have to drop the “slowly” bit. 

Oregon has become the 11th state to gain a comprehensive privacy law. (And Delaware may soon follow!) 

There isn’t too much that’s new to the Oregon Consumer Privacy Act, or OCPA, compared to other state privacy laws. Businesses that meet the OCPA thresholds are required to engage in familiar compliance activities like:  

  • Providing notice. 
  • Adhering to data minimization and purpose limitation principles.  
  • Enabling consumers to exercise their rights. 
  • Obtaining consent prior to processing sensitive data.  
  • Entering into contracts with processors. 
  • Conducting data protection assessments for high-risk processing activities. 
  • And more. 

The law doesn’t go into effect until July 1, 2024—after that point, the Oregon State Attorney General may grant violators 30 days to cure their infractions and penalize controllers $7,500 per violation. 

We developed an action plan checklist for the 2023 state laws that you may be interested in reviewing. U.S. privacy law has—for the most part—followed the same standards, and by following the guidance within the checklist, you’ll be well-positioned for compliance. Of course, each law has its own peculiarities, which we recommend reviewing with your counsel. 




Top Privacy Stories of the Week

Oregon Is the 11th State to Enact Comprehensive Privacy Legislation 

On July 18, the Oregon governor signed the Oregon Consumer Privacy Act to establish a framework for controlling and processing consumer personal data in the state. Oregon follows California, Colorado, Connecticut, Virginia, Utah, Iowa, Indiana, Tennessee, Montana, and Texas in enacting comprehensive consumer privacy measures. 

Read more 

Illinois Instagram Users Could Receive Payment From Class-Action Settlement 

The Illinois Biometric Information Privacy Act (BIPA) prohibits companies from collecting and storing biometric information. As a result of a class-action lawsuit, Instagram was found to have violated BIPA, entitling Illinois residents who used the app in the last eight years compensation. 

Read more 

Apple Introduces New SDK Privacy Controls in iOS 17 

Apple recently announced new SDK privacy controls that will be part of iOS 17, including privacy manifests and signatures, required reason APIs, tracking domains, and more. 

Read more 

Biden-⁠Harris Administration Secures Voluntary Commitments from Leading Artificial Intelligence Companies to Manage the Risks Posed by AI 

The Biden-Harris Administration recently secured commitments from seven leading AI companies to carry out a variety of activities to protect American rights and safety. These include testing, cybersecurity, transparency, bias minimization, and other commitments. 

Read more 

CPPA Debuts New CPRA Complaint Form 

California residents who believe their rights under the CPRA have been violated can now make complaints directly on the California Privacy Protection Agency’s website. Out of the complaints received thus far, violations associated with the right to limit the use of sensitive personal information were the most commonly alleged. 

Read more 

European Data Protection Board Informs Stakeholders About the Rights and Obligations Under the Data Privacy Framework 

Recently, the European Data Protection Board (EDPB) released an information note that explains the rights of individuals and organizations’ obligations under the international data transfer framework—known as the Data Privacy Framework—between the EU and U.S. 

Read more 

California’s Expansive New Children’s Online Privacy Law Faces First Amendment Challenge 

A pending federal lawsuit, NetChoice LLC v. Bonta, seeks to block California's recent children’s data protection law, the Age-Appropriate Design Code Act (AADC). The plaintiffs argue the law violates the First Amendment to the U.S. Constitution and is preempted by existing federal laws. 

Read more 

Delaware Could Become the Next State to Enact a Comprehensive State Privacy Law 

On June 30, 2023, the Delaware House of Representatives passed the Delaware Personal Data Privacy Act, a day after the Delaware Senate passed the legislation. The DPDPA heads to Governor John Carney for a final signature. 

Read more 

Apple’s App Tracking Triggers Statement of Objections From French Competition Authority 

The French national competition authority has issued a statement of objections related to how Apple tracks iOS users. The watchdog said that it suspects Apple of abusing a dominant position by implementing what it described as “discriminatory, non-objective and non-transparent” conditions for the use of user data for advertising purposes. 

Read more 

The Osano Privacy Program Maturity Model 

For both privacy experts and novices alike, developing a privacy program can feel like taking a shot in the dark. With the Osano Privacy Program Maturity Model, you'll gain a points-based method of evaluating your privacy program’s operational efficiency and identifying exactly what your next steps should be. Click the link to gain access to your copy today. 

Read more 

If you’re interested in working at Osano, check out our Careers page 

Schedule a demo of Osano today
Share this article