Iubenda logo
Start generating


Table of Contents

🎯 Make your site compliant with new U.S. Privacy Laws

As we approach the end of 2023, it’s crucial to reflect on the significant developments in U.S. privacy laws that have reshaped how businesses handle consumer data. This year marked the enforcement of several pivotal privacy legislations, including the Utah Consumer Privacy Act (UCPA), which comes into effect on December 31, 2023.

NEW 4 new US privacy laws became effective in 2023

👉 CRPA in California, on January 1st.
👉 VCDPA in Virginia, on January 1st.
👉Colorado Privacy Act (CPA) on July 1st.
👉 The Connecticut Data Privacy Act (CTDPA) on July 1st.

COMING UP US privacy law

👉 The Utah Consumer Privacy Act (UCPA) will go into effect on December 31, 2023

  • UCPA favors business interests while protecting consumer data, effective December 31, 2023.
  • Applicable to companies operating in Utah or serving its residents.
  • Enhances consumer rights for accessing, deleting, and opting out of data processing.
  • Companies must update data handling practices, privacy policies, and implement consumer request processes.
  • Requires companies to ensure data security measures comply with UCPA standards.

In 2023, the U.S. privacy landscape experienced significant changes, impacting how organizations handle personal data. Key changes and compliance strategies with iubenda are summarized below:

📌 Key Changes in U.S. Privacy Laws for 2023 

  1. Enhanced Privacy Policy Requirements: Organizations must provide a detailed Privacy Policy. This includes disclosing new user rights and describing data processing practices more comprehensively.
  2. Opt-out Options for Users: Users must be able to opt out of certain data processing activities, including the sale of their data, targeted advertising, and data sharing.
  3. Specific Laws:
  • VCDPA (Virginia) and CTDPA: Require opt-in consent for processing sensitive data, such as geolocation.
  • CPRA (California): Adds to the CCPA by mandating a notice at the point of data collection, detailing the categories of personal information collected, the purposes of collection, and information about data sale/sharing.
Does it apply to me?

  • VCDPA applies to organizations that conduct business in Virginia or provide products/services to Virginia persons.
  • CPRA is an amendment to the CCPA and adds new requirements for legal entities that gather personal data from California residents.
  • Not doing business in Virginia or California? Be aware that privacy compliance is becoming increasingly popular among legislators. New laws will soon be enforced in other states. With iubenda, you comply with existing requirements and automatically receive updates to stay on top of future regulations.

Not sure if US laws apply to you? Do this free 1-min quiz

How do I comply?

📌 Within the Privacy and Cookie Policy Generator

Either generate your U.S. Privacy Policy or update your existing policy by clicking “Enable disclosures for users residing in the United States” to activate the new US-specific clauses.

📌 Within the Privacy Controls and Cookie Solution

Once you complete the previous step, the Privacy Controls and Cookie Solution will auto-configure to meet the new US requirements allowing your users to opt-out. If you are not using our Privacy Policy, simply select the regions where you’re based while configuring the Privacy Controls and Cookie Solution.

Anything else I should know?

👉 We’ve added usage-based pricing to our Privacy Controls and Cookie Solution to support the new U.S. regulations.
👉 If your website exceeds 25,000 monthly page views, simply choose the plan that best applies to your site’s monthly traffic.

Why the premium features?

We dramatically increased the complexity of our solution to meet current state-level legislations, including what comes next.

  • The Privacy Controls and Cookie Solution now allows you to tag scripts to handle U.S. opt-out requests.
  • iubenda is now among the few providers compatible with GPP & GPC. Our Privacy Controls and Cookie Solution automatically detects and respects the GPC signal, eliminating the need for users to tag scripts and allowing them to honor opt-out requests effortlessly.
  • The solution now adds a footer widget to your site allowing U.S. users to opt-out from processing.
  • A Consent Banner will also display to collect an opt-in if the user is sharing sensitive data (geolocation data, bank account numbers, etc.). This banner provides the ability to consent or reject to the use of this data.