New Jersey Bills Would Give Consumers Control Over Their Personal Data Privacy

By Jason C. Gavejian and Mary T. Costigan
March 11, 2019

New Jersey has joined a growing list of states considering legislation on data privacy to promote transparency, accountability, and individual choice. One bill would create new obligations for commercial entities whose websites or online services collect personally identifiable information (PII) from individuals in New Jersey. A second bill would regulate an operator’s use of global positioning system (GPS) data belonging to a customer in New Jersey.

Assembly Bill 4902 (AB 4902)

AB 4902 requires an operator of a commercial internet website or online service (e.g., offsite data storage and apps) that collects PII from customers online to provide customers with notice of its data collection activities and disclosures to third parties. The operator also must allow customers to opt out of the sale or disclosure of their PII to a third party by providing a conspicuous online “Do Not Sell My Information” link. The operator need not be located in New Jersey, as long as it collects the PII from a customer “within” New Jersey.

These customer notice-and-choice rights apply to information that “personally identifies, describes, or is able to be associated with a customer of a commercial Internet website or online service.” The bill includes a non-exhaustive list of PII examples covering a broad range of information relating to a customer, as well as a customer’s children, such as names, addresses, IP addresses, phone numbers, photos, Social Security number, race and ethnicity, sexual orientation, religious or political affiliations, education, health, account balances, payment history, and internet or mobile phone activity.

A website or online service might collect covered PII in many ways, including from customer shipping information, testimonials and surveys, requests for product information, online job applications, cookies and web analytics, and even dinner reservations. These provisions apply regardless of the customer’s purpose for accessing the website or service. The bottom line is that if a customer accesses a commercial operator’s website or online service and the operator collects his or her PII, AB 4902’s notice-and-choice rights apply.

Assembly Bill 4974 (AB 4974)

AB 4974 creates notice-and-choice rights for customers whose geolocation or GPS data is collected by an operator during use of a mobile application. An operator of mobile device applications must notify users about the GPS data collected, to whom it may be disclosed or sold, how long it is retained, and the right to opt in to its disclosure or sale. AB 4974 defines an operator as a person or entity that owns a mobile device application that collects and maintains the user’s GPS data. Similar to AB 4902, the operator need not be a person or entity located in New Jersey and the user, or customer, is an individual “within” New Jersey.

***

In response to consumers’ increasing awareness of organizations’ data collection practices, data security, and individual data privacy rights, numerous states have drafted or proposed data protection legislation. Much of the proposed legislation under consideration, including New Jersey’s, creates significant compliance obligations for companies that collect, use, or store personal data. These companies should consider assessing and reviewing their data collection activities, building robust data protection programs, and investing in written information security programs (WISPs) to prepare. An organization can begin by identifying all PII it collects, uses, discloses, sells, or stores; identifying cookies, pixels, and web tracking activities on its website; reviewing and updating online privacy policies; minimizing PII collection to only what is necessary; establishing and following a data retention schedule; and implementing internal policies, procedures, and training to support a meaningful data protection program.

Jackson Lewis is available to answer questions about the New Jersey bills or data privacy and protection.

©2019 Jackson Lewis P.C. This material is provided for informational purposes only. It is not intended to constitute legal advice nor does it create a client-lawyer relationship between Jackson Lewis and any recipient. Recipients should consult with counsel before taking any actions based on the information contained within this material. This material may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome.

Reproduction of this material in whole or in part is prohibited without the express prior written consent of Jackson Lewis P.C., a law firm that built its reputation on providing workplace law representation to management. Founded in 1958, the firm has grown to more than 900 attorneys in major cities nationwide serving clients across a wide range of practices and industries including government relations, healthcare and sports law. More information about Jackson Lewis can be found at www.jacksonlewis.com.
