
New Hampshire passes comprehensive privacy law

Julie Rubash, General Counsel and Chief Privacy Officer
January 22, 2024


USA

New Hampshire Legislature Passes Comprehensive Privacy Law

New Hampshire SB 255 was officially confirmed by the Senate after the House passed an amended version of the bill in early January.

Unless vetoed by the Governor, the law will automatically be enacted 5 days after its passage and take effect January 1, 2025, making New Hampshire the fourteenth state to pass a comprehensive privacy law. 

TAKEAWAY

SB 255 is largely identical to Connecticut’s privacy law, with some differences, including lower consumer data processing thresholds for application of the law to businesses.

Like Connecticut and over half of the comprehensive privacy laws enacted so far, the New Hampshire law would require recognition of universal opt-out preference signals.   


FTC Delivers Another Ban for Use of Location Data Without Consent

In the second Order of its kind in just two weeks, the FTC issued an outright ban as a proposed penalty for the collection and use of location data without informed consent.

This most recent proposed Order prohibits data aggregator InMarket Media from selling or licensing location data and from selling, licensing, transferring or sharing any product or service that categorizes or targets consumers based on sensitive location data.

InMarket will also be required to delete all historic location data collected through its apps (unless affirmative express consent to maintain the data is obtained), to delete, identify or render non-sensitive all historic location data collected from third parties, and to delete or destroy all audience segments created using historic location data.

The Order is based on InMarket’s alleged violation of the FTC Act by, among other allegations,

  • failing to fully disclose, prior to system prompts seeking consent for collection of location data in InMarket’s own apps, that the data would be used for targeted advertising; and
  • failing to verify that users of third-party apps incorporating InMarket’s SDK had been notified prior to consent prompts that their location data would be used for targeted advertising. 

TAKEAWAY

The InMarket Order comes less than two weeks after the FTC announced a similar Order prohibiting data broker X-Mode Social and its successor Outlogic from sharing or selling any sensitive location data.

That Order was based on allegations, among others, that X-Mode failed to ensure that users of its apps and third-party apps that use the X-Mode SDK were fully informed about how their location data would be used prior to or as part of iOS and Android consent prompts. 

EUROPE

CNIL Fines Yahoo 10 Million Euros Over Cookie Violations

The French Data Protection Authority (CNIL) announced a 10 million Euro fine based on allegations that Yahoo placed advertising cookies on Yahoo.com without user consent and failed to offer users of Yahoo! Mail the ability to withdraw consent freely without losing access to the Yahoo messaging service—both of which put them in violation of the ePrivacy Directive.

TAKEAWAY

While the GDPR provides for a “one-stop-shop” mechanism, requiring jurisdictions in the EEA to cooperate under a lead supervisory authority regarding actions impacting users across multiple jurisdictions, the ePrivacy Directive does not.

Accordingly, as the CNIL explains in its press release, the CNIL considers itself to be “materially competent to control and sanction operations linked to cookies placed by companies on the terminals of Internet users located in France”, without an obligation to cooperate with other jurisdictions.

In effect, this means that a company could be separately sanctioned by each impacted jurisdiction for alleged ePrivacy Directive violations such as the placement of advertising cookies without consent. 


A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
