🆕  2025 U.S. State Privacy Laws: what you need to know

A complete guide to data privacy regulations

Data privacy regulations continue to pile up for global businesses. Read our guide to start complying across your business locations and systems.
Read time
3 min read
Last updated
May 17, 2024
Ketch is simple,
automated and cost effective
Book a 30 min Demo

The average consumer is awakening to the ways their data is being collected, shared and sold without their consent or knowledge – and consumers are, in turn, awakening legislators. 

Data shows that approximately six out of ten Americans believe it's impossible to go through life without having their data collected. As a result, 81% of US adults feel a lack of control over their data, and 79% express concern over data use. 

Many governments are starting to respond more forcefully by developing and enforcing data privacy regulations, many of which carry significant penalties for organizations caught skirting the rules. The goal of these regulations is to protect citizens' rights and ensure organizations handle personal data responsibly – but the policies are inconsistent, leaving organizations to grapple with abiding by different rules which correspond to different consumers. 

Protecting data privacy rights is becoming an increased priority globally and companies that don’t keep up will be left behind. Gartner estimates that by the end of 2023, at least 65% of the world's population will be subject to data privacy regulations. To ensure compliance, organizations must be able to navigate and abide by the current patchwork of legislation. 

Data privacy laws by country

Today, over 80 countries have passed or strengthened data privacy laws.

Data privacy laws are not universal; they vary by country, with some being stricter than others. However, there can be an overlap between certain countries, such as the General Data Protection Regulation (GDPR). This applies to processing European residents' data. Canada has a similar statute called the Personal Information Protection and Electronic Documents Act (PIPEDA).

While there is no federal-level data protection and privacy law within the United States, individual states have adopted their own legislation, such as the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020. More states continue to follow, so businesses must remain aware of changes. 

Understanding data protection laws around the world is crucial if you conduct business internationally or plan to expand. For example, you may think that the GDPR does not apply to you as an American-based company. That's a costly mistake. GDPR applies to who your business targets more than where your business is located. For example, if you are a US company that handles data from people in the European Union (EU), the GDPR applies to you. 

Read more here: Does GDPR apply to US customers?

Countries with strict data privacy laws outside of the EU, Canada, and the United States include:

However, this is not a comprehensive list. As stated above, dozens of countries are now enforcing or developing data privacy laws. To protect your business, remain mindful of ongoing data privacy regulation trends

Data privacy laws in Europe

In the EU, the General Data Protection Regulation (GDPR) is a set of data privacy laws that protects its residents. Since being implemented in 2018, several companies have been penalized for failure to comly. The consequences can be severe when you do not practice GDPR compliance, including:

  • Significant fines that can equal up to four percent of the company's annual turnover.
  • Legal repercussions in the event of a breach. 
  • A blow to a company's reputation from increased public attention, resulting in severe commercial repercussions. 

Regardless of the size of your business, this privacy policy must be followed. The goal is to limit the amount of customer data business organizations can access. Citizens are entitled to greater control over their personal information, and this policy forces businesses to handle data in ways that ensure and respect privacy rights. 

While Europe developed the laws associated with the EU GDPR, their impact reaches far beyond European borders. If you collect any data related to EU citizens, the GDPR applies to you. 

United States data protection laws

Despite several proposals over the years, there are still no federal data privacy laws. The American Data Privacy and Protection Act (ADPPA) has passed numerous legislative stages but still faces hurdles. So, when considering variables related to US data protection laws vs. GDPR, the main difference is that no singular, comprehensive policy applies to all types of data and all businesses in the United States. 

Despite that, some regulations govern more specific sectors, such as the following:

Dive deeper: Your guide to US state data privacy compliance

Data privacy laws by state

United States data protection laws are currently enforced based on individual state laws. Here are some of the data privacy laws by state.

The most comprehensive data privacy laws based on individual states include:

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • Colorado Privacy Act (CPA)
  • Connecticut Data Privacy Act (CTDPA)
  • Utah Consumer Privacy Act (UCPA)

There are also more limited data privacy laws based on individual states, including:

  • Nevada enforces several laws, such as NRS § 603A.300. This law mandates that websites allow Nevada-based users to opt-in before companies can sell personal information to third parties. 

Ten additional states enforce limited data protection laws compared to those mentioned above. These include:

Read time
3 min read
Published
October 21, 2023
Need an easy-to-use consent management solution?

Ketch makes consent banner set-up a breeze with drag-and-drop tools that match your brand perfectly. Let us show you.

Book a 30 min Demo

Continue reading

Product, Privacy tech, Top articles

Advertising on Google? You must use a Google certified CMP

Sam Alexander
3 min read
Marketing, Privacy tech

3 major privacy challenges for retail & ecommerce brands

Colleen Barry
7 min read
Marketing, Privacy tech, Strategy

Navigating a cookieless future with Google Privacy Sandbox

Colleen Barry
7 min read
Get started
with Ketch
Begin your journey to simplified privacy operations and granular data control across the enterprise.
Book a Demo
Ketch was named top consent management platform on G2