New Jersey’s Proposed Comprehensive 2024 Data Privacy Bill
On December 21, 2023, New Jersey legislators expanded a 5-year-old narrow privacy bill, S332, into a full-fledged comprehensive consumer privacy framework similar to other trendsetting US Privacy Laws. The New Jersey legislature is open through the first week of January 2024, positioning itself to potentially be the first new state privacy law of 2024. This article provides an in-depth comparative analysis of New Jersey’s S332 and the most prominent US privacy law, the California Consumer Privacy Act (CCPA).
Empowering New Jersey Consumer Rights
New Jersey Senate Bill No. 332 includes the right to know if personal data is processed, correct inaccuracies, delete personal data, obtain a copy of personal data, and the ability to opt-out of specific processing activities like targeted advertising or the sale of personal data. This aligns with the CCPA’s consumer-centric approach in where individuals are empowered to know, control, and, in certain instances, delete their personal information.
Universal Opt-Out Mechanism
The bill grants individuals the standard option to exercise their rights to opt-out of data sales and targeted advertising using Universal Opt-Out Mechanisms (UOOMs). Unique to S332 is the mandate for controllers to implement a user-selected UOOM for targeted advertising and the sale of personal data. CCPA, while not specifying a universal opt-out, requires businesses to provide a “Do Not Sell My Personal Information” link, emphasizing user control and choice.
See also Implementing DNSS and Opt-Out Solutions
Designated Authorized Agents
In recognizing the need for consumer representation, the bill allows consumers to designate authorized agents to act on their behalf for opting out of data processing. This mirrors the provisions in CCPA, where authorized agents are acknowledged to exercise privacy rights.
See also Powerful Data Subject Rights Management Software
Data Controller Obligations
Both legislations impose obligations on controllers to limit data collection, obtain consent for processing, ensure data security, and conduct data protection assessments for high-risk processing activities. This shared emphasis on transparency and consumer awareness aligns with the broader global trend in data protection regulations.
See also Universal Consent and Preferences
Enforcement and Penalties
The bill entrusts exclusive authority and enforcement to the Office of the Attorney General, while the CCPA empowers the California AG and allows for a private right of action in certain data breach scenarios.
Applicability and Jurisdiction
New Jersey Senate Bill No. 332 applies to entities conducting business in the state or collecting information from New Jersey residents, mirroring CCPA’s criteria for applicability.
Mandatory DPAs
Unique to the New Jersey bill, controllers would be required to complete and document a data protection assessment of all processing activities that present a heightened risk of harm to a consumer. These assessments must be available to the Division of Consumer Affairs upon request.
See also PIA and DPIA Automation
New Jersey Senate Bill No. 332 and California’s CCPA share common ground in their commitment to consumer privacy rights. While the former introduced nuanced provisions reflecting the state’s regulatory landscape, the latter serves as a foundational model for state-level data privacy legislation. The convergence of these two legislations, and others, indicates a growing consensus on the importance of individual privacy rights and corporate accountability.
Clarip’s Data Privacy Governance Platform ensures compliance with all consumer privacy regulations, including the “Do Not Sell/Do Not Share My Personal Information” solution. Allow customers to submit, revoke and update granular consent with Clarip’s Universal Consent Management. Clarip takes enterprise privacy governance to the next level and helps organizations reduce risks, engage better, and gain customers’ trust! Contact us at www.clarip.com or call Clarip at 1-888-252-5653 for a demo.
Email Now:
Mike Mango, VP of Sales
mmango@clarip.com
Related Articles:
Data Privacy and the Future of Digital Marketing
2023 US Privacy Law Tracker
Understanding US Data Privacy Law Fines
Evolution of digital consent and preferences
What Is GPC (Global Privacy Control), And why does it matter?