New Jersey enacts comprehensive privacy law
January 15, 2024
Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
New Jersey Enacts Comprehensive Privacy Law
The law will go into effect January 16, 2025.
The New Jersey law mostly borrows and combines elements from several existing state privacy laws, but it may uniquely impact certain sectors.
For example, the definition of “sensitive data” (which requires prior consent) includes certain financial information (although entities and data regulated by the Gramm-Leach-Bliley Act are exempt).
Additionally, although data regulated by HIPAA is exempt, entities regulated by HIPAA are not exempt, meaning that they must comply with respect to any non-HIPAA regulated data.
There is also no exemption for nonprofit organizations.
Hearst VPPA Class Action Overcomes Motion to Dismiss
A Massachusetts District Court judge held (case 1:23-cv-10998-RGS) that a class action against Hearst Television adequately pled violations of the Video Privacy Protection Act based on allegations that Hearst disclosed identifiable video viewing records with third parties through integration with Braze and Doubleclick APIs on Hearst’s local news apps.
Notably, the district judge held that the plaintiff’s provision of her email address and agreement to enable geolocation services and push notifications when she downloaded the app was sufficient consideration for her to constitute a “subscriber” under the VPPA.
The judge also held that Hearst’s receipt of analytics allowing it to provide advertisements to specific users was sufficient to demonstrate that Hearst knew it was collecting data from users that identified personalized information about them, and that the application of the VPPA in this context does not violate the First Amendment.
noyb Strikes at Meta’s Pay or Ok Model From a Different Angle
Advocacy group noyb announced a second complaint filed with the Austrian data protection authority against Meta’s new paid subscription model offered by Meta as an alternative to consenting to personalised ads on Facebook and Instragram.
This time, noyb alleges that, by requiring users to buy an annual subscription as a condition of withdrawing consent, Meta is violating the GDPR by not making it as easy to withdraw as to give consent.
noyb‘s previous complaint, filed in December 2023, alleged that Meta’s new subscription model violates GDPR by not obtaining consent that is “freely given”, arguing that the subscription fee of up to €251.88 / year for access to both platforms is out of proportion with Meta’s estimated €62,88 / year annual revenue per user in Europe.
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
California Attorney General Bonta announced a settlement with Doordash based on...
Explore the intricate landscape of Consent or Pay models...
A blog post from the FTC reminded companies that simply changing...
Latest White Papers
The current state of publisher compliance with CCPA, and...
How to review your vendor list to mitigate compliance...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.