In case you haven’t been tracking — I hadn’t — the Oregon Consumer Privacy Law goes into effect today, July 1, 2024. The law is structured along the same lines as the General Data Protection Regulation (GDPR) and California law around consumer data, its use, and its storage. Which means if you’re doing anything with someone’s data, it applies to you.
The Oregon Consumer Privacy Act will affirmatively provide Oregonians with a number of important rights over their personal information, and imposes specific obligations on businesses who collect, use, store, disclose, analyze, delete or modify (“process”) consumers’ personal data (“controllers”) and those entities who process personal data on behalf of controllers (“processors”):
- Right to Know: Consumers will have the right to know whether controllers are processing their data, as well as the categories of data being processed and third parties the data has been disclosed to. Consumers will also have a right to obtain a copy of the consumer’s personal data that a controller has or is processing;
- Right to Correction: Consumers will have the right to correct inaccuracies in their data;
- Right to Deletion: Consumers will have the right to require a controller to delete their personal data held by a controller;
- Right to Opt Out: Consumers will have the right to opt out of the processing of their personal data for targeted advertising, sale or profiling of the consumer in a way that produces legal effects; and
- Right to Data Portability: When consumers exercise their right to obtain a copy of their personal data held by a controller, it must be provided in a portable and useable format.
Additional protections are assigned to different types of data like data belonging to minors.
For more details, visit Oregon Consumer Privacy Law.
(h/t Matti Neustadt)
More news
