The United States does not have a central, federal-level privacy law like the EU’s GDPR. The US government (so far) has left this up to individual states. The result is that a handful of states have enacted online consumer privacy laws. These include:

  • California
  • Nevada
  • Virginia
  • Massachusetts
  • New York
  • Hawaii
  • Maryland
  • North Dakota

On July 7, 2021, Colorado’s governor signed SB21-190, “Act Concerning additional protection of data relating to personal privacy.” The new Colorado Personal Data Privacy Protection Law will go into effect on July 1, 2023.

California’s Consumer Privacy Rights Act (CPRA) was signed September 23, 2018 and went into effect on January 1, 2020. Proposition 24, approved Nov. 2020, expands the consumer data privacy laws and is effective January 1, 2023. It appears as if 2023 is going to be a significant year for companies doing business on the web to be serious about consumer privacy, even if they have ignored the GDPR because they aren’t doing business in Europe.

Obviously, this puts an additional requirement and layer of strain on small ecommerce companies. But this is more than simply pacifying the government. Data privacy is something that companies should take seriously rather than just trying to get by. Did you, for example, that by simply using Google Fonts on your website that you are giving Google access to your visitor’s data and you must disclose this in your online privacy policy?

So what does this mean if I live in Texas and Texas hasn’t enacted any privacy laws? Basically, if you are in another state, and you have website visitors coming to your site who live in a state with privacy laws (for example, someone in California visits a Texas website), you MUST adhere to the visiting state’s laws. The same is true if you have visitors from a European country, even if they don’t buy anything from you. As the owner of the website, it is your responsibility to protect your visitor’s privacy, regardless of where you are located, where your webmaster is located, or where your servers are located. If you don’t have a privacy policy clearly visible on your website, now might be a good time to get one drafted.

Data privacy laws restricting the sharing of data for advertising

For years, consumers have either knowingly or unknowingly handed their data over to corporations and government agencies. This of course makes it easier to track online activities, and thus target you for ads that you might be interested in. Once that goes away, marketers will have to be more creative in luring eyeballs to their websites.

iapp contributor, Arsen Kourinian, states that Following the passage of the California Privacy Rights Act, which goes into effect Jan. 1, 2023, less data will flow into the adtech environment because consumers can now restrict businesses from sharing their personal information specifically for cross-context behavioral advertising.” Virginia also passed a data privacy law March 2, 2021. The Consumer Data Protection Act permits consumers to opt out of the processing of their personal data for targeted advertising. Google has also announced that in 2022 it would eliminate third-party cookies from its Chrome browser and stop selling ads based on individuals’ browsing activity across multiple websites. As a business that sells online advertising through retargeting services like AdRoll, this is an interesting dilemma, especially because I am also an advocate of online privacy.

With retargeting coming to an end, what are the options for online businesses? Colin Hung of hitmc.com gives us 5 alternatives to consider. Read the article for details:

  1. Focus on personalizing your website and using first-party cookies
  2. Leverage social platforms like Facebook, LinkedIn, etc. and Google
  3. Partner with sites that cater to your target audience
  4. Keyword advertising
  5. Implement Facebook’s first-party cookie

To this, I am going to add my own, which I believe will continue to be a major traffic driver:

  1. Relevant, interesting content

Blogs, podcasts, videos, infographics and other high quality content will become more important than ever.

With more states passing their own privacy and security laws, will there be a federal privacy law coming soon? The prospect of a national privacy law in the United States has often seemed vague and somewhat uncertain, with democrats and republicans having different views on how this should be handled. But recent shifts in the political landscape may get the ball rolling in that direction sooner than businesses anticipated.

Tomu Johnson, of counsel at Parsons Behle & Latimer, believes that Democrats gaining control of the White House, the House of Representatives and now the Senate could be a game changer for privacy. “In the U.S. I could see real momentum this year for a privacy law that gets passed by all three branches of the government and finally creating a good baseline floor for privacy in the U.S,” he said.