Broker Check

A Model Personal Data Protection Act

January 26, 2022
Share |

California, Colorado and Virginia have all passed comprehensive data privacy laws. 21 states considered similar laws in 2021. Now the Uniform Law Commission has proposed a model bill, the Uniform Personal Data Protection Act, for consideration by state legislators in 2022.

Law firm Sidley has posted details on their website (https://datamatters.sidley.com/uniform-law-commission-proposes-reasonable-uniform-personal-data-protection-act-for-state-by-state-aoption-as-federal-privacy-bills-languish). Here are the main points:

  • The bill applies to businesses who maintain a data system, excluding one-time transactions.
  • Data is categorized as 1) compatible -permissible without user consent 2) incompatible - requiring consent either .by opting out or opting in and 3) prohibited data practices. Small  businesses using only compatible data practices are exempt from the law.
  • Businesses must have an accessible data privacy policy and conduct regular risk assessments.
  • State attorneys general have rulemaking and enforcement authority.
  • In comparison with existing laws, there is no user right of deletion or portability,  and unlike California no private right of action. Privacy advocates criticize these omissions.

It remains to be seen if this bill is adopted as a middle ground between user protection and over-regulation.