web analytics

Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws – Source: www.schneier.com

indiana,-iowa,-and-tennessee-pass-comprehensive-privacy-laws-–-source:-wwwschneier.com
#image_title
Rate this post

Source: www.schneier.com – Author: Bruce Schneier

HomeBlog

Indiana, Iowa, and Tennessee Pass Comprehensive Privacy Laws

It’s been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. No private right of action in any of those, which means it’s up to the states to enforce the laws.

Tags: ,

Posted on May 24, 2023 at 7:23 AM
7 Comments

Comments

Winter


May 24, 2023 9:58 AM

No private right of action in any of those, which means it’s up to the states to enforce the laws.

Crucial parts:


‘https://www.jdsupra.com/legalnews/what-you-need-to-know-about-iowa-s-and-1164481/

Neither statute creates a private right of action (as is the case in all such similar laws except those in California) as enforcement authority is held exclusively by each state’s Attorney General. Fines under both laws can be for up to $7,500 per violation, but Iowa requires a notice and cure period (90 days in Iowa and 30 days in Indiana) before such fines can be imposed.

I would characterize this as: Toothless and Privacy-theater

Iowa

The Iowa law does not give residents the right to correct their personal data or to opt out of profiling or automated decision-making and does not require Iowa businesses to recognize universal opt-out signals.

Iowa is Opt-Out Indiana is Opt-In:

Under Iowa law, entities can only process sensitive data collected from a consumer for a nonexempt purpose unless they provide the consumer with clear notice and an opportunity to opt out of such processing. Under Indiana law, entities cannot process sensitive data without obtaining the consumer’s consent.

These laws were predicted after the GDPR&California came in force. Their one and only purpose is to prevent the implementation of meaningful privacy laws. Crucially, these laws were written to preempt the implementation of federal privacy laws that allowed private right of action.

Clive Robinson


May 24, 2023 11:05 AM

@ ALL,

Whilst some legislation is generally better than no legislation, that is not the case with “fig-leaf legislation”.

As @Winter has pointed out these laws are effectively discretionary via “political office” thus in effect “never use” / “blackmale financial backing” legislation. And worse not even close to the minimum that is realy needed and very urgently.

What these defective and usless legislations will do is act as a delaying tactic…

Anyone arguing for better legislation be it in a state or federally will get told by the lobby funded politicians,

“But we’ve already done that so no more, not now, or ever…”

So from my point of view as a non US citizen these laws are actually a retrograde step designed to hide the fact that bo action will be taken, unless corporate behaviour is so egregious, and the political noise so loud, that the politicians will be forced to act at some barest minimum level and then stretch it out untill the argument has become such “old news” it can get dropped or buried.

In the UK we call such political nonsense “kicking it into the long grass” where it will remain “sight unseen” for ever… Or as in quite a number of UK investigations a quater century or more, at which point the “too old to prosecute” excuse kicks in…

People in the US talk in almost scared tones about the EU GDPR, if I said that the GDPR was it’s self way to weak, and the real reason we hear about it is only because a student went the distance on making a series of cases and presenting them…

Then you will understand two things,

1, Why these laws have the “No private right of action” clauses.

2, Why these clauses make a mockery of democracy and justice.

I give them a year maybe two before people start claiming they are not just defective, but designed such that they won’t be used as long as the corporates pump money into politicians pockets as campaign contributions etc…

Lucian


May 24, 2023 11:31 AM

4th Amedment, US Constitution, has always guaranteed a personal right to privacy — but American government has always crafted ways to ignore it.

The Federal Government is by far the biggest threat to all Americans’ privacy — its illicit surveillance and intrusion activities are staggering; no private entity is comparable.


State governments act the same, but have no where near the resource capability of the oppressive Feds.

Winter


May 24, 2023 12:21 PM

@Lucian

The Federal Government is by far the biggest threat to all Americans’ privacy

Actually, no. It is private companies that do 90%+ of the surveillance. Sometimes paid by government, but mostly for their own profit.

These laws are characterized by the doors they open for commercial exploitation of private data.

ZYX


May 24, 2023 1:14 PM

The tech giants will sooner or later give Americans some privacy protections after the EU punish them into GDPR compliance.

The mere fact of tech giants complying with GDPR is going to have positive trickle down effects on protecting the privacy around the world. Just like Google unwilling and half-heartedly follow behind Apple’s lead in privacy protection. The sad thing the trickle down process is very slow.

Joe


May 24, 2023 4:28 PM

I would bet that privacy protection will not extend to women seeking abortions, morning after pills, or birth control that could be used for morning after.


Atom Feed
Subscribe to comments on this entry

Sidebar photo of Bruce Schneier by Joe MacInnis.

Original Post URL: https://www.schneier.com/blog/archives/2023/05/indiana-iowa-and-tennessee-pass-comprehensive-privacy-laws.html

Category & Tags: Uncategorized,laws,privacy – Uncategorized,laws,privacy

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post