Another month, another GrailMail. 🗞️ May brought a flurry of new regulations and news stories—we’ve got Vermont and Maryland leading the charge with some of the strictest data privacy laws yet, states clashing with Congress over privacy rights, and more.
We’re rounding up the top stories, trends, and actionable insights you need to know this month so you can stay a step ahead.
Before getting into the top May stories, are you headed to the Gartner Security & Risk Management Summit? Stop by the DataGrail booth (#801) for a DataGrail demo and elevated giveaways. 👀
🔒 Vermont just passed one of the strongest privacy bills nationwide
Vermont is set to defy national trends by enacting a new groundbreaking data privacy law.
This law allows consumers to sue data brokers for the misuse of their personal information. Legislation has barred the sale of sensitive data, and if companies break these rules, consumers can take them to court.
Consumer groups are applauding this bill, but here’s the catch: Governor Scott may veto this law over concerns of too many lawsuits hitting local Vermont businesses. Read more on the act here.
🛡️ Maryland’s MODPA isn’t just setting trends––it’s setting standards
In addition to Vermont’s law, Maryland’s Online Data Privacy Act (MODPA) could be one of the strictest in the country.
MODPA kicks in October 2026, giving businesses time to adjust—but get ready for some serious changes. With its broad application and data minimization mandates, MODPA introduces some stringent regulations concerning the handling of sensitive data. If you don’t need it, don’t collect it.
You can learn more about MODPA in our most recent blog.
🏛️ States to Congress: “Hands off our privacy laws!”
Attorneys General from 15 states are pushing back against federal preemption of state privacy regulations. It’s like a data privacy tug-of-war: The American Privacy Rights Act (APRA) threatens to nullify 17 state privacy laws, including California’s robust protections.
California's Attorney General is spearheading the coalition of 14 counterparts, spanning from Delaware to Hawaii, in urging Congress to reconsider APRA's preemption. Read more on the debate here.
🚗 FTC leaning in on connected-car data privacy
The Federal Trade Commission (FTC) warned auto manufacturers that it is closely watching their data collection and sales activities, citing several recent enforcement actions that it suggested could apply to the industry’s practice of sharing sensitive car data with advertisers. Check out more information here.
💼 Minnesota takes a bold leap into data protection
On May 19, the Minnesota Consumer Data Privacy Act was passed, meaning that controllers now have to keep track of their data inventories and maintain detailed compliance documentation, setting a high standard for data privacy management in the state. Learn more about Minnesota’s new law here.
Trends Spotlight
Key Takeaways from DataGrail's Data Privacy Trends 2024 Report
Every year, DataGrail puts together a data privacy trends report, which uses data from the data subject requests we help businesses process annually.
We launched 2024’s data privacy trends report last month and are giving our GrailMail readers a highlight of key trends over the next few months. Below are a few trends to keep an eye on:
Deletion requests are the most common
Deletion requests accounted for a whopping 40% of requests on average across businesses, and opting out is becoming more mainstream.
Businesses received nearly one-third more Data Subject Requests (DSRs) in 2023 compared to 2022
Requests of all types (access, delete, or sale opt-outs) increased by 246%.
DSR Management can cost about $800K per year
DSR management can cost about $800K per year per 1M identities when requests are processed manually… and that’s just for access and deletion requests.
We recently launched Request Manager Workflows, the fastest and most customizable way to fulfill privacy requests. Workflows allows customers to manage how various request types and use cases are handled and programmatically define processing so you and your team can keep up with regulation changes and increasing privacy requests at scale.
But that’s not all: last month we also released enhanced spam filtering and enriched system visibility on the DataGrail dashboard. And be sure to stay tuned for our geo map feature, coming soon. Check out our monthly release blog to learn more. 👀
There is a surge in lawsuits against businesses for privacy violations due to the use of tracking technologies on websites, citing old and new laws that allow consumers to sue for non-compliance, potentially leading to significant financial and reputational consequences for businesses.
A lack of transparency can make legal issues much worse. Make sure you’re being honest with your users about what data you collect and what you do with it. Check out our Do Not Sell or Share Opt-Out Guide here.
The Federal Trade Commission (FTC) is sounding a serious alarm for automakers, warning them about the potential misuse of sensitive car data such as geolocation information, and emphasizing the need for enhanced privacy protections.
With recent enforcement actions as examples, the FTC underscores the importance of compliance and data minimization, putting the pressure on automakers to reassess their data practices.