Florida’s New Privacy Law: Governor Signs S.B. 262
On June 6, 2023, Governor Ron DeSantis of Florida enacted S.B. 262, joining the ranks of states that have introduced new privacy laws this year. Notably, this law mainly targets businesses generating an annual revenue exceeding $1 billion, but it also has more comprehensive implications. Here, we delve into the key components of S.B. 262, especially the establishment of a “Digital Bill of Rights”.
How S.B. 262 Affects Major Businesses and Data Processors
The Digital Bill of Rights introduces known obligations and rights for businesses with certain operational conditions and an annual turnover exceeding $1 billion. While these will only apply to major companies, they encompass a range of privacy-related requirements. The law also influences businesses that process personal data on behalf of these large entities, known as “processors”.
Children’s Privacy and the Impact of S.B. 262
Apart from setting up the Digital Bill of Rights, S.B. 262 also presents regulations for online service providers that are primarily accessed by individuals under 18 years of age. The law includes measures to safeguard children’s personal information, limit profiling, and control data handling practices.
S.B. 262: Expanding the Scope of ‘Personal Information’
The law further broadens the definition of ‘personal information’ under the Florida Data Breach Notification Statute, covering biometric data or geolocation paired with an individual’s name or initials. This change will mandate for-profit entities in the state to obtain prior consent before selling sensitive personal information.
Conclusions and Future Compliance: The Impact of S.B. 262
Companies dealing with personal information of Floridians must critically analyze the provisions of S.B. 262, understand their applicability, and consider necessary changes for achieving compliance.
Implications on Privacy Law
The passage of S.B. 262 could signal a significant shift in privacy law across the United States. As other states observe the impact of this comprehensive privacy legislation, they might adopt similar measures. This could lead to a more uniform approach to data privacy regulation across the country, potentially making compliance easier for businesses that operate in multiple states. However, there could also be legal challenges, particularly if businesses feel that the law is too restrictive or burdensome. It will be crucial for companies to stay abreast of developments in this area and to be prepared to adjust their privacy practices as necessary.
Q/A
Q1: When does the S.B. 262 law take effect?
A1: Apart from section 111.23, which prevents governmental bodies from requesting content moderation from social media platforms, the law will come into effect from July 1, 2024.
Q2: Which businesses are most impacted by the Digital Bill of Rights under S.B. 262?
A2: The Digital Bill of Rights primarily affects businesses that earn over $1 billion annually and either (i) gain 50% or more revenue from online advertisement sales; (ii) operate a consumer smart speaker; or (iii) manage an app store or a digital distribution platform offering a minimum of 250,000 diverse software applications.
Q3: How does S.B. 262 impact children’s privacy?
A3: S.B. 262 places specific regulations on online service providers mainly accessed by individuals under 18 years of age. It restricts the processing of personal information that could harm or risk children’s privacy, limits profiling of children, and controls the collection, sale, sharing, use, and retention of children’s personal information.
Q4: What are the broader implications of S.B. 262?
A4: The law broadens the definition of ‘personal information’ under the Florida Data Breach Notification Statute and mandates profit-making entities in the state to get prior consent before selling sensitive personal information. This could significantly change how businesses handle and process personal data.
Q5: How can businesses ensure compliance with S.B. 262?
A5: Companies should thoroughly analyze the provisions of S.B. 262 to understand which sections apply to them. Based on that understanding, they should consider necessary adjustments for compliance, such as revising children’s personal data-related practices, updating incident response plans, and more.
Q6: How could S.B. 262 influence privacy law in other states?
A6: The enactment of S.B. 262 might prompt other states to adopt similar comprehensive privacy measures, potentially leading to a more uniform approach to data privacy regulation across the country. However, companies should stay updated on these developments and be ready to adjust their privacy practices as necessary.
