A Nevada Law That Fines Companies for Selling Private Data Is About to Go Into Effect

The Stratosphere Hotel on the Las Vegas Strip in the Nevada Desert.
Photo: Dan Callister / Getty

Starting next Tuesday, Nevada residents may choose to opt-out of having their personal information resold by online businesses. A privacy bill, signed into law this May, requires website operators to respond to requests from consumers and halt the sale of their personal information within 60 days—or potentially face strict fines.

The law, passed as Senate Bill 220, was modeled after the California Consumer Privacy Act (CCPA), though it’s more limited in some areas. Companies are still permitted to exchange personally identifiable information (PII) with their own business affiliates, for example. To be eligible for an opt-out, the operator must intend to actually sell the information.

Advertisement

California’s idea of PII is also somewhat broader, encompassing essentially any information that could be reasonably linked to a particular individual or household. Conversely, the Nevada law describes particular examples of information considered private, such as a consumer’s name, address, telephone number, Social Security number, and so on.

Formally in effect on October 1, SB 220 authorizes Nevada’s attorney general to bring legal action against operators of websites and apps that violate its requirements. Violators may be subject to injunctions and civil penalties of up to $5,000 per violation.

The CCPA, meanwhile, goes into effect on January 1, 2020.

The laws are a direct response by state lawmakers to sweeping privacy violations in recent years; from the litany of scandals at Facebook to the massive data breach at Equifax in 2017. The U.S. Congress has so far failed to pass any comprehensive legislation to protect American consumers’ data, despite public outcry and a series of record-breaking fines from regulators.

Advertisement

Tech companies have stepped up pressure on Congress to enact a national privacy law, arguing that the patchwork of state-level policies is expensive and too burdensome to follow. Privacy advocates say, however, that any law that makes it through Congress will be considerably weaker than those crafted by states. They also accuse major tech companies of pushing for a overriding federal law specifically for that reason.

Share This Story

About the author

Dell Cameron

Privacy, security, tech policy | Got a tip? Email: dell@gizmodo.com | Send me encrypted texts using Signal: (202)556-0846

EmailTwitterPosts
PGP Fingerprint: A70D 517E FB9A 02C9 C56E 86D5 877E 64E7 10DF A8AEPGP Key
OTR Fingerprint: 2374A8EA 6D2B7712 0D82D659 C0FE8253 A3F080FD