FLA. SB 1670. Consumer Data Privacy.
Jump to navigation
Jump to search
| FLA. SB 1670. Consumer Data Privacy. | |
|---|---|
| Short Title | Consumer Data Privacy |
| Official Text | FLA. SB 1670. Consumer Data Privacy. |
| Country/Jurisdiction | United States |
| State or Province | Florida |
| Regulatory Bodies | |
| Date Enacted | |
| Scope of the Law | General Business |
| Information | |
| Taxonomy | Appropriation, Disclosure, Identification, Surveillance |
| Strategies | |
Text of the law
- Be It Enacted by the Legislature of the State of Florida:
- Section 1. Subsection (4) is added to section 119.01, Florida Statutes, to read:
- 119.01 General state policy on public records.—
- (4) Any public records requested from state agencies that include the personal data, including the name, address, and birthdate, or any portion thereof, of a resident of this state may not be used to market or solicit the sale of products or to the person or to contact the person for the purpose of marketing or soliciting sales without the consent of the person. Such marketing, soliciting, and contact is prohibited unless the person has affirmatively consented by electronic or paper notification to share the data with a third party before the data is used for such purpose. Appropriation, Identification
- Section 2. Section 501.062, Florida Statutes, is created to read:
- 501.062 Notice regarding privacy of information collected on the Internet from consumers.-
- (1) As used in this section, the term:
- (a) “Consumer” means a person who seeks or acquires, by purchase or lease, any good, service, money, or credit for personal, family, or household purposes from the website or online service of an operator.
- (b) “Covered information” means all of the following items of personally identifiable information about a consumer collected by an operator through a website or online service and maintained by the operator in an accessible format:
- 1. A first and last name.
- 2. A home or other physical address which includes the name of a street and the name of a city or town.
- 3. An electronic mail address.
- 4. A telephone number.
- 5. A social security number.
- 6. An identifier that allows a consumer to be contacted either physically or online.
- 7. Any other information concerning a consumer that is collected from the consumer through the website or online service of the operator and maintained by the operator in combination with an identifier in a form that makes the information personally identifiable. Identification
- (1) As used in this section, the term:
- (c) “Designated request address” means an electronic mail address, a toll-free telephone number, or a website established by an operator through which a consumer may submit a verified request to an operator.
- (d)1. “Operator” means a person who:
- a. Owns or operates a website or online service for commercial purposes.
- b. Collects and maintains covered information from consumers who reside in this state and use or visit the website or online service.
- c. Purposefully directs activities toward this state or purposefully executes a transaction or engages in any activity with this state or a resident thereof.
- 2. The term does not include:
- a. A third party that operates, hosts, or manages a website or online service on behalf of its operator or processes information on behalf of its operator;
- b. A financial institution or an affiliate thereof that is subject to the Gramm-Leach-Bliley Act, 15 U.S.C. s. 6801 et seq., and regulations adopted pursuant thereto;
- c. An entity that is subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pub. L. No. 104-191, and regulations adopted pursuant thereto; or
- d. A manufacturer of a motor vehicle or a person who repairs or services a motor vehicle who collects, generates, records, or stores covered information that is retrieved from a motor vehicle in connection with a technology or service related to the motor vehicle or that is provided by a consumer in connection with a subscription or registration for a technology or service related to the motor vehicle.
- (e)1. “Sale” means the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.
- 2. The term does not include:
- a. The disclosure of covered information by an operator to a person who processes the covered information on behalf of the operator;
- b. The disclosure of covered information by an operator to a person with whom the consumer has a direct relationship for the purposes of providing a product or service requested by the consumer;
- c. The disclosure of covered information by an operator to a person for purposes that are consistent with the reasonable expectations of a consumer considering the context in which the consumer provided the covered information to the operator;
- d. The disclosure of covered information to a person who is an affiliate of the operator; or
- e. The disclosure or transfer of covered information to a person as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the person assumes control of all or part of the assets of the operator. Disclosure
- 2. The term does not include:
- (f) “Verified request” means a request submitted by a consumer to an operator for the purposes provided in subsection
- (2) for which an operator can reasonably verify the authenticity of the request.
- (2)(a) Each operator shall establish a designated request address through which a consumer may submit a verified request.
- (b) A consumer may, at any time, submit a verified request through a designated request address to an operator directing the operator not to make any sale of any covered information the operator has collected or will collect about the consumer.
- (c) An operator who has received a verified request submitted by a consumer may not make any sale of any covered information the operator has collected or will collect about the consumer.
- (d) An operator shall respond to a verified request submitted by a consumer within 60 days after the date the request is submitted. An operator may extend such period by up to 30 days if the operator determines that such an extension reasonably necessary. An operator who extends the period shall notify the consumer of such an extension.
- (3) An operator shall make available, in a manner reasonably accessible to consumers whose covered information the operator collects through its website or online service, a notice that:
- (a) Identifies the categories of covered information that the operator collects through its website or online service about consumers who use or visit the website or online service and the categories of third parties with whom the operator may share such covered information.
- (b) Provides a description of the process, if applicable, for a consumer who uses or visits the website or online service to review and request changes to any of his or her covered information that is collected through the website or online service.
- (c) Describes the process by which the operator notifies consumers who use or visit the website or online service of material changes to the notice.
- (d) Discloses whether a third party may collect covered information about a consumer’s online activities over time and across different websites or online services when the consumer uses the operator’s website or online service. Surveillance
- (e) States the effective date of the notice.
- (4) This section does not apply to an operator:
- (a) Who is located in this state.
- (b) Whose revenue is derived primarily from a source other than the sale or lease of goods, services, or credit on websites or online services.
- (c) Whose website or online service has fewer than 20,000 unique visitors per year.
- (5)(a) An operator may remedy any failure to comply with this section within 30 days after being informed of such a failure.
- (b) An operator violates this section if the operator:
- 1. Knowingly and willfully fails to remedy a failure to comply within 30 days after being informed of such a failure; or
- 2. Makes available a notice which constitutes a knowing and material misrepresentation or omission that is likely to mislead a consumer acting reasonably under the circumstances to the detriment of the consumer.
- (b) An operator violates this section if the operator:
- (6)(a) The Department of Legal Affairs shall adopt rules to enforce this section. If the department has reason to believe that an operator, directly or indirectly, has violated or is violating this section, the department may institute an appropriate legal proceeding against the operator.
- (b) The district court, upon a showing that the operator, directly or indirectly, has violated or is violating this section, may:
- 1. Issue a temporary or permanent injunction; or
- 2. Impose a civil penalty not to exceed $5,000 for each violation.
- (b) The district court, upon a showing that the operator, directly or indirectly, has violated or is violating this section, may:
- (7) This section does not establish a private right of action against an operator. This section is not exclusive and is in addition to any other remedies provided by law
- Section 3. This act shall take effect July 1, 2020.
Disclaimer: The text of this law may not be the most recent version. We make no warranties or representations about the accuracy, completeness, or adequacy of the information contained on this site. Please check official sources.
State: Florida