United States of America: Georgia Computer Data Privacy Act (SB 394) rejected

The Georgia Computer Data Privacy Act (SB 394) is rejected by the Georgia Senate after failing to pass before the end of the legislative sessions. The Bill was introduced in the Senate on 26 January 2021. The Act originally allowed businesses to collect personal information only after having provided notice and obtained the consumer’s affirmative and explicit consent. To sell data, the companies needed to obtain the consumers' opt-in consent and provide notice including the persons to whom data will be sold and the pro-rata value of the consumer’s personal information. Also, the Act introduced the right to data deletion and the right to be forgotten. Moreover, research activities by corporations could only be pursued with anonymised or aggregated data. Finally, consumers would have obtained a private right of action against any person violating the Act.