Starting next Tuesday, Nevada residents may choose to opt-out of having their personal information resold by online businesses. A privacy bill, signed into law this May, requires website operators to respond to requests from consumers and halt the sale of their personal information within 60 days—or potentially face strict fines.
The law, passed as Senate Bill 220, was modeled after the California Consumer Privacy Act (CCPA), though it’s more limited in some areas. Companies are still permitted to exchange personally identifiable information (PII) with their own business affiliates, for example. To be eligible for an opt-out, the operator must intend to actually sell the information.
California’s idea of PII is also somewhat broader, encompassing essentially any information that could be reasonably linked to a particular individual or household. Conversely, the Nevada law describes particular examples of information considered private, such as a consumer’s name, address, telephone number, Social Security number, and so on.
Formally in effect on October 1, SB 220 authorizes Nevada’s attorney general to bring legal action against operators of websites and apps that violate its requirements. Violators may be subject to injunctions and civil penalties of up to $5,000 per violation.
The CCPA, meanwhile, goes into effect on January 1, 2020.
The laws are a direct response by state lawmakers to sweeping privacy violations in recent years; from the litany of scandals at Facebook to the massive data breach at Equifax in 2017. The U.S. Congress has so far failed to pass any comprehensive legislation to protect American consumers’ data, despite public outcry and a series of record-breaking fines from regulators.
Tech companies have stepped up pressure on Congress to enact a national privacy law, arguing that the patchwork of state-level policies is expensive and too burdensome to follow. Privacy advocates say, however, that any law that makes it through Congress will be considerably weaker than those crafted by states. They also accuse major tech companies of pushing for a overriding federal law specifically for that reason.