Less sweeping but still challenging to web operators, Nevada’s “Do Not Sell” privacy law takes effect next Tuesday, Oct. 1, while California’s more heralded CCPA — California Consumer Privacy Act — will debut on New Year’s Day 2020.
The Nevada act requires operators of websites to establish a procedure whereby Nevada residents can opt out of data sales of personal information they have provided to the sites. This so-called “designated request address” can be a toll-free phone number, email address or website form for submission and must include a means for identity verification.
The way the law is written, a website operator need not even sell data to third parties to come under the mandate to establish a “designated request address” and allow Nevada residents to stop the distribution of their data at any point in the future.
The California law also grants California residents the right to view all data collected on them and the option to stop the sale and distribution of such data. The law applies to any online operation that collects data from 50,000 devices, individuals or households. Businesses with $25 million or more in revenue are automatically covered regardless of the amount of data collected. The law carries stiff financial penalties.