United States of America: Introduced Iowa Consumer Data Protection Act (SSB 1071)

On 23 January 2023, the “Bill for an Act relating to Consumer Data Protection, providing civil penalties, and including effective date provisions” was introduced into the Iowa State Senate (SSB 1071). The Act would apply to persons that conduct business that control or process personal information of at least 100,000 consumers; or control or process personal information of at least 25,000 consumers and derive more than 50% of gross revenue from the sale of personal information. The Act sets out data rights for consumers, including (i) access to personal data; (ii) data deletion; (ii) obtaining a copy of the consumer's personal data; and (iv), opting out of targeting advertisement or the sale of personal data. In addition, the Act introduces obligations for data controllers, including the implementation of data security practices; the provision of an accessible, clear, and meaningful privacy notice and the prohibition of processing sensitive personal information without clear notice and an option to opt-out.