Another day, another law! Florida is the latest state to pass (more narrow) privacy legislation with approval by Governor Ron DeSantis on June 6th. So how does it compare? Florida has strayed from the pack by not following the prototype of a typical comprehensive privacy law, lacking in some of the more stringent obligations set forth by other recent laws. Florida’s privacy law could be considered deficient in comparison to CPRA and VCDPA because it lacks strict conventions that most new privacy laws include.

However, it does pose its own set of regulations that cannot be ignored by companies that are in scope. In the words of Truyo President Dan Clarke, Florida’s privacy law is an “amalgamation of elements found in other laws spliced with some truly unique provisions that expand greatly on existing statutes that require reasonable care.” While it’s not what we would traditionally consider a comprehensive privacy law, Florida’s new legislation is undoubtedly impactful from its language aimed at “big tech” and social media platforms to the emphasis on protections for minors and applicability for anyone collecting sensitive data.

Dan Clarke breaks down important elements of Florida’s new privacy law:

• Social media platforms: Companies with over $1B in revenue, plus engaged in an app store or operating a smart-speaker and voice-command service, or deriving over 50% of revenue from ad sales are in scope. There is a “Digital Bill of Rights” which parallels the Virginia privacy law via the right to access/delete/correct and opt out of sale. Essentially, this mirrors standard privacy law rights but only applies to a narrow scope of companies, while adding provisions to limit the usage of this data for surveillance purposes and disclosure of search results prioritization when driven by political views.
• Minors: Florida’s privacy law provides new and significant rights emulating California for those under 18. In the law, companies are prohibited, even in an educational context, from selling a minor’s data without receiving prior affirmative authorization defined under the Children’s Online Privacy Protection Act. According to the “Humans Rights Watch” survey, 90% of educational apps sell data to 3^rd parties, making this is a good step towards online privacy protection of children in my opinion.
• Sensitive Data: Florida provides new rights to consumers by prohibiting companies from using, processing, or selling sensitive data without obtaining the consumer’s affirmative and explicit (not in general terms) consent. The definition is quite broad “personal data revealing an individual’s race, ethnicity, religious beliefs, mental or physical health diagnosis, sexual orientation, citizenship or immigration status; genetic or biometric data processed for the purpose of uniquely identifying an individual; personal data from a known child; and precise geolocation data.”

So, what’s next for privacy? Dan Clarke says, “Connecticut passed SB3 which creates significant new privacy rights for minors and protections for healthcare-related data if signed into law. Many other states still have active bills including New Hampshire, Oregon, Louisiana, Maine, North Carolina, Pennsylvania, and New York – but I doubt others will pass this legislative season. I think the next sessions will see the successful passing of many laws in the aforementioned states, and I predict we will see even more than the jaw-dropping 10 laws we saw come to fruition this year.”

If you have any questions about how Truyo can help you prepare for the onslaught of new laws, please reach out to hello@truyo.com or click here to schedule a demo of the full suite of Truyo privacy products.