Image for article type insight
Insight

USA: State privacy laws entering into effect in 2025

January 7, 2025
Summary

In January 2025, new privacy laws took effect in Delaware, Nebraska, New Hampshire, Iowa, and New Jersey, joining other US states with existing privacy legislation. These laws share common principles such as data minimization, purpose limitation, and confidentiality, but have unique provisions. Delaware's law, for example, requires opt-in consent for sensitive data and has a 60-day cure period for violations. Nebraska's law applies broadly and allows a 30-day cure period, while New Hampshire's law limits the right to confirm processing to protect trade secrets. Iowa's law does not address Data Protection Assessments (DPAs), and New Jersey's law includes financial information as sensitive data and requires a universal opt-out mechanism for targeted advertising by July 2025.

On January 1, 2025, privacy legislation in Delaware, Nebraska, New Hampshire, and Iowa entered into effect, joining California, Texas, and Colorado among other US states that already have privacy laws in force. January will also see the entrance into effect of New Jersey's Act concerning commercial Internet websites, online services, consumers, and personally identifiable information (NJDPA) on the 15th of the month. OneTrust DataGuidance breaks down the key provisions of the five state privacy laws. General similaritiesAlthough there are distinct differences in the provisions of each law, similar principles related to data processing are given, including:data minimization: controllers must

Insight

Gain access to unlimited articles with 7 day access to all features, no credit card required.

or

Other options: