You May Also be Interested in Reading...
Related Practices and Industries
Brandon N. Robinson, partner in the firm’s Birmingham Office and chair of the Data Privacy and Security Practice, interviewed with LegalTech News about Florida’s new data privacy law, known as the Digital Bill of Rights, and its impact on companies.
The article, published June 15, 2023, on LegalTech News and ALM’s Law.com discusses how the new law is different than data privacy laws passed in other states, and how it is notable for its comprehensive requirements and narrow applicability.
“It’s easy to say, ‘oh, we’ve got the [10th] state, it’s just another consumer rights privacy bill similar to the others.’ But it’s easy to miss that it’s actually not exactly like the others in the sense that it does a lot of stuff. It has a lot of requirements,” Brandon was quoted as saying. “It’s very comprehensive in what it is requiring, but it is very narrow in its applicability about most of those requirements.”
Florida’s law includes a targeted definition of controllers, which applies to for-profit corporations conducting business in Florida and meeting specific criteria, such as collecting personal data from consumers, earning over $1 billion in global gross revenue, deriving 50% of revenue from advertising, operating a smart speaker, or running an app store with at least 250,000 applications.
“It does a lot of stuff for a narrow group of entities and it seems targeted towards the online social media platforms, online advertisers, voice assistants and app stores and those sorts of things,” Robinson was quoted as saying.
The new law will take effect on July 1, 2024. Brandon encouraged companies to be aware of what the law includes, and who it applies to.
“This is a very comprehensive and restrictive bill in terms of what it requires,” Brandon said. “Most of it applies to a narrow set of entities. Go through that applicability section to see if the majority of this applies to you or not, and if so, you’ve got a lot of work to do. If it doesn’t, then be aware of the data breach notification additions. Be aware of the restrictions on the selling of data which includes sharing for monetary ‘or other valuable consideration’. Companies ought to think about the other companies that are their clients. You may not be a controller with $1 billion in revenue under this bill, but you might be a processor that processes data on behalf of that controller, in which case those processor obligations do apply to you, as well, with respect to the controller’s data.”
Brandon counsels clients in a wide variety of industries regarding cybersecurity and data privacy issues to assist them in proactively managing risks while maintaining innovative customer service in terms of data breach management and response, compliance with federal, state, and sectoral privacy laws and regulations, review and drafting of contracts with vendors and other third parties involving customer data, nondisclosure agreements, and more.
Brandon is the editor of and a frequent contributor to the firm's Data Privacy & Security Observer Blog, which provides legal updates and thought leadership on data privacy and cybersecurity issues.