Latest In

News

The Best US States For Online Privacy Protection

Curious to find out more, Private Internet Access (PIA) ran a study to find out which states in the U.S. have the best and worst internet privacy laws that protect their citizens.

Author:James Pierce
Reviewer:Elisa Mueller
Sep 25, 20236.8K Shares253.7K Views
Internet privacy has become a pressing concern, with cyber attacks, data breaches, and identity thefts becoming more frequent. In the United States, each state has different laws regarding internet privacy, which can make it difficult for individuals to understand their rights and protect their data. Some states have taken a more proactive approach to safeguarding internet privacy than others, with California leading the way. Curious to find out more, Private Internet Access (PIA) ran a studyto find out which states in the U.S. have the best and worst internet privacy laws that protect their citizens.
Taking the article as a starting point, we looked at some states with the best privacy protection laws. We delved into the reasons behind the varying internet privacy laws in America.

California

California has the strongest online privacy law in the country. The California Consumer Privacy Act (CCPA) gives consumers the right to know what personal information companies collect about them, delete it, and opt out of targeted advertising.
The following are some of the key provisions of the California Consumer Privacy Act (CCPA):
  • Right to know: Consumers have the right to know what personal information is being collected about them, how it is being used, and who it’s being shared with.
  • Right to delete: Consumers can delete their personal information from a company's records.
  • Right to opt out of targeted advertising: Consumers have the right to opt out of having their personal information used for targeted advertising.
  • Right to non-discrimination: Companies cannot discriminate against consumers who exercise their privacy rights.
In addition to the CCPA, California voters approved Proposition 24 in 2020, which amended the CCPA and added additional privacy protections that began on January 1, 2023. These new protections include:
  • The right to correct inaccurate personal information that a business has about them.
  • The right to limit the use and disclosure of sensitive personal information collected about them.
  • The right to know about the sale of their personal information.
  • The right to sue businesses that violate the CCPA.
The CCPA and Proposition 24 have been a model for other states, and many other states are considering enacting their own privacy laws. These laws are helping to protect consumers' privacy and give them more control over their personal information.
If you are a California resident, you can learn more about your privacy rights and how to exercise them on the California Attorney General's Office website.

Connecticut

Connecticut recently enacted the Connecticut Data Privacy Act (CTDPA), a comprehensive consumer privacy law that takes effect on July 1, 2023. The CTDPA gives Connecticut residents rights over their data and establishes responsibilities and privacy protection standards for data controllers that process personal data.
Some of the key provisions of the CTDPA include:
  • Right to know: Consumers have the right to know what personal information is being collected about them, how it is being used, and who it’s being shared with.
  • Right to delete: Consumers can delete their personal information from a company's records, subject to certain exceptions.
  • Right to opt out of targeted advertising: Consumers have the right to opt out of having their personal information used for targeted advertising.
  • Right to restrict processing: Consumers have the right to limit the processing of their personal information for specific purposes, such as marketing.
  • Right to data portability: Consumers can obtain a copy of their personal information in a portable format.
  • Right to be informed of security breaches: Consumers have the right to be informed of a security breach that has resulted in the unauthorized access or disclosure of their personal information.

Colorado

The Colorado Privacy Act (CoPA)was enacted on July 1, 2023. This comprehensive privacy law gives Colorado residents control over their personal information. The CoPA applies to businesses that collect the personal information of at least 100,000 Colorado residents or more consumers during a calendar year.
Starting July 1, 2024, businesses must honor consumers' opt-outs of targeted advertising and sales. Residents can access, correct, delete, and port their data. Companies generally have 45 days to respond to consumer requests. Below is a detailed explanation of each right:
  • Right to opt out of targeted advertising: This means that consumers can choose not to have their personal information used to show them targeted ads.
  • Right to opt out of the sale of personal data: This means that consumers can choose not to have their personal information sold to other businesses.
  • Right to access: This means that consumers can request to see a business's personal information about them.
  • Right to correct: This means that consumers can request to correct any inaccurate or incomplete personal information about a business.
  • Right to delete: This means that consumers can request to have their personal information deleted from a business's records.
  • Right to data portability: This means that consumers can request to receive a copy of their personal information in a portable format, such as a CSV file.

Virginia

The Virginia Consumer Data Protection Act (VCDPA) was enacted on January 1, 2023. This comprehensive privacy law gives Virginia residents control over their personal information. The VCDPA applies to businesses that collect the personal information of at least 100,000 Virginia residents or 250,000 residents of all states combined.
In addition to the VCDPA, Virginia also has the Personal Information Privacy Act (PIPA), which regulates the sale of personal information by merchants and the use of social security numbers. The PIPA prohibits merchants from selling their customers' personal information without the customer's consent. It also prohibits merchants from using social security numbers for any purpose other than verifying the identity of their customers.

Illinois

Illinois has a comprehensive privacy law called the Illinois Biometric Information Privacy Act (BIPA), which was enacted in 2018. The BIPA gives Illinois residents control over their biometric information. Biometrics is the process of identifying individuals based on their unique physical and behavioral characteristics. This technology is often used for verifying personal identity, such as in access control systems or mobile payments. Some examples of biometric information include fingerprint information, facial scans, and hand geometry.
Here are some of the key provisions of the BIPA:
  • Notice: Businesses must provide clear and conspicuous notice to consumers about how their biometric information is being collected, used, and shared.
  • Consent: Businesses must obtain approval from consumers before collecting, using, or sharing their biometric information.
  • Deletion: Consumers can request that businesses delete their biometric information.
  • Right to sue: Consumers can sue businesses that violate the BIPA.
The BIPA is a strong privacy law that gives Illinois residents more control over their biometric information. It’s the first law in the US to address biometric information privacy specifically.
It’s important to note that even the states with the most robust online privacy laws may be unable to protect your privacyfrom all threats. For example, if you use a website or app hosted in another country, that website or app may not be subject to your state's privacy laws.
Jump to
James Pierce

James Pierce

Author
Elisa Mueller

Elisa Mueller

Reviewer
Latest Articles
Popular Articles