Georgia: Passed Georgia Consumer Privacy Protection Act (SB 473)

On 27 February 2024, the Senate passed the Georgia Consumer Privacy Act. The Act aims to enhance the protection of consumers' personal data in Georgia and defines terms, regulates applicability, and provides exemptions for certain entities, data, and data uses. The Act applies to businesses operating in Georgia that offer products or services to consumers of this state that generate more than USD 25 million in revenue and either controls or processes the personal information of at least 25'000 consumers, deriving more than 50% of their gross revenue from the sale of personal information, or controls or processes personal information of at least 175'000 consumers during a calendar year. The Act establishes consumer rights to access, correct, delete, and opt out of data processing for targeted advertising, sale, or profiling. It also outlines the obligations of controllers and processors, sets security practices, and specifies enforcement mechanisms and penalties. Additionally, it prohibits the disclosure of consumer data to local authorities without a court order or subpoena and provides for preemption of local regulations. The Act is set to enter into force on 1 July 2026 if adopted.