Utah becomes fourth US state to enact comprehensive consumer privacy legislation

On March 24, Gov. Spencer Cox, R-Utah, signed the Utah Consumer Privacy Act into law, making Utah the fourth state to enact comprehensive consumer privacy legislation. The law goes into effect Dec. 31, 2023.

The UCPA is both similar to and different from the consumer privacy laws of California, Virginia and Colorado. Namely, it draws heavily from the Virginia Consumer Data Protection Act and several of its VCDPA-like components are also contained in the Colorado Privacy Act. At first glance, certain aspects of the law bear resemblance to the California Consumer Privacy Act. In practice, however, the substance of the UCPA takes a lighter, more business-friendly approach to consumer privacy than all three of its predecessors.

UK finalises landmark data decision with South Korea to help unlock millions in economic growth.

UK organisations will be able to share personal data securely with the Republic of Korea before the end of the year as the UK finalises legislation for its first independent adequacy decision.

  • Organisations will be able to transfer personal data securely to the Republic of Korea without restrictions by the end of the year following legislation
  • UK decision will help generate an estimated £14.8 million in annual business savings and increased exports
  • Milestone formalises first data adequacy decision since UK left the European Union and goes beyond scope of previous EU deal – boosting investment.

Connecticut enacts comprehensive consumer data privacy law

On May 10, 2022, Connecticut became the fifth U.S. state with comprehensive consumer privacy legislation after Gov. Ned Lamont, D-Conn., signed Senate Bill 6, An Act Concerning Personal Data Privacy and Online Monitoring, into law. Most provisions of the law will go into effect alongside the Colorado Privacy Act July 1, 2023, giving organizations just under 14 months to come into compliance.