New Delaware Personal Data Privacy Act to Take Effect in 2025
3 min. read
Updated on
Share this article
Improve this guide
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
On September 11, 2023, Governor John Carney signed the Delaware Personal Data Privacy Act, granting consumers more control over their information.
This way, Delaware has become the twelfth US state to pass a comprehensive data privacy law.
Understanding the Delaware Data Privacy Act
Governor John Carney has signed the Delaware Personal Data Privacy Act, giving new rights to consumers.
The sponsor of House Bill 154 and State Representative Krista Griffith said it gives Delawareans rights they’ve never had before.
The Delaware Personal Data Privacy Act, taking effect on January 1, 2025, grants consumers the right to see the information organizations collect on them and correct or delete it.
When such requests are made, companies have 45 days to respond.
The new bill also prevents them from analyzing and selling user data without consent.
In addition, the state is the first to raise the bar for selling data belonging to kids from 16 to 18.
This new law applies to businesses that control data of 35,000 or more consumers. Griffith pointed out that the number was tailor-made for Delaware, which has a population of just over a million people.
Companies in control of data belonging to 10,000 or fewer consumers but derive over 20% of their gross revenue from selling it also have to comply. The clause mirrors the ones in Virginia (50% of gross revenue) and Connecticut (25% of gross revenue).
These rules don’t apply to securities brokers and dealers, as well as financial companies that fall under the Gramm-Leach-Bliley Act. The Financial Industry Regulatory Authority also secured an exception for registered national securities.
The Delaware Department of Justice will offer a 60-day cure period for any violations until the end of 2025. If an organization still doesn’t comply, the DDOJ can proceed with enforcement.
No later than July 2024, the DDOJ will also conduct a public outreach to make consumers aware of their rights.
Delaware is the twelfth US state to pass a thorough data privacy law and the seventh in 2023 alone.
Other states with such regulations include California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Texas, and Florida.
The two-year campaign for data privacy reform
The governor’s signature represents the culmination of Representative Krista Griffith’s two-year campaign to give people power over their personal data.
Her stance is that it’s “so important that we establish comprehensive rights for consumers and ensure that they have avenues to take control over their personal information.”
Griffith also said that up to now, Delawareans didn’t know who has their information, how much of it they have, and had no option to correct or delete it.
She also pointed out that the state is the first to include a clause for teenagers, although Connecticut did a clean-up bill to add it.
