New Jersey legislators are pushing forward on new data privacy legislation with disclosure and consent requirements that are akin to—and in some instances more burdensome than—the California Consumer Privacy Act.
The CCPA—which took effect in January this year—was the first statute of its kind to be adopted in the U.S. In the wake of the CCPA’s controversial implementation, co-sponsors of the New Jersey bill are holding a public hearing set for March 16 to obtain feedback on the proposed data privacy legislation. Introduced on February 25, 2020, AB 3283 is the most recent proposal to revise New Jersey’s data privacy law. You can read the bill here: https://legiscan.com/NJ/text/A4902/2018. Other bills from previous sessions remain pending, including AB4902 and AB4640.
If the latest bill is adopted in New Jersey, companies that collect, maintain, or control personally identifiable information (PII) would be required to obtain affirmative consent from consumers. This feature contrasts with the CCPA, which requires that businesses provide consumers the right to opt-out of PII sale, and it would place New Jersey law more in line with the EU’s privacy law, the General Data Protection Regulation, which requires affirmative consent.
The bill would also give a consumer the right to demand that the business provide the PII that the company has disclosed to a third party.
With multiple bills pending, it remains unclear what direction New Jersey legislators will ultimately take. Some of the questions arising from the bills are whether the final legislation would include a private right of action, allow for a safe harbor cure period, vest enforcement authority exclusively in the attorney general, or include some combination of those characteristics like the CCPA.
While the substance of the bill remains in flux, the legislative push toward public hearings—and the media attention that it is grabbing—suggests that some form of the legislation will ultimately be adopted. The New Jersey bill is one of a patchwork of bills pending in the state legislatures across the country aiming to implement measures like the CCPA and GDPR.