Privacy & Information Security Law Blog

On September 10, 2024, the U.S. District Court for the District of Utah issued an Order granting a Motion for a Preliminary Injunction, prohibiting the Utah Attorney General from implementing and enforcing the Utah Minor Protection in Social Media Act, which was set to take effect October 1, 2024.

On May 1, 2024, Utah’s Artificial Intelligence Policy Act entered into effect.

On March 19, 2024, Utah’s Governor Spencer J. Cox signed Senate Bill (SB) 98 (the “Bill”), Online Data Security and Privacy Amendments, into law. The Bill amends the Protection of Personal Information Act (§13-44-101 et seq) and the Utah Technology Governance Act in the Utah Government Operations Code (§63A-16-1101 et seq). The Utah Technology Governance Act had previously established the Utah Cyber Center, a state initiative to coordinate efforts between local, state and federal resources by sharing threat intelligence and best practices.

On October 15, 2023, a proposal was published on Utah’s social media regulation law, S.B. 152, which was signed earlier this year.

On June 28, 2023, Louisiana Governor John Bel Edwards signed into law H.B. 61, which requires interactive computer services to get parental consent (or consent from a legal representative of a minor) to enter into a contract or other agreement, including the creation of an online account, with minors younger than 18 years of age. The Act comes after similar laws enacted in Texas, Utah and Arkansas. H.B. 61 will take effect on August 1, 2024. 

On April 12, 2023, Arkansas Governor Sarah Huckabee Sanders signed into law S.B. 396 creating the state’s Social Media Safety Act (the “Act”). The Act comes after Utah’s similar social media laws enacted in March.

On March 6 and 15, 2023, both chambers of the Iowa Legislature unanimously voted to approve Senate File 262, which could make Iowa the sixth U.S. state to enact comprehensive privacy legislation. The bill is most similar to Utah’s comprehensive privacy law.

On March 1-3, 2023, the Utah legislature passed a series of bills, SB 152 and HB 311, regarding social media usage for minors. For social media companies with more than five million users worldwide, SB 152 would require parental permission for social media accounts for users under age 18, while HB 311 would hold social media companies liable for harm minors experience on the platforms. Both bills have been sent to the governor’s desk for signature.

On October 13, 2022, the Interactive Advertising Bureau (“IAB”) released for public comment an updated version of its contractual framework and new U.S. State Signals (“Signals”) specifications to help the digital advertising industry comply with the comprehensive state privacy laws of California, Virginia, Colorado, Utah and Connecticut.

On May 10, 2022, Connecticut Governor Ned Lamont signed An Act Concerning Personal Data Privacy and Online Monitoring, after the law was previously passed by the Connecticut General Assembly in April. Connecticut is now the fifth state to enact a consumer privacy law.

On March 24, 2022, Utah became the fourth state in the U.S., following California, Virginia and Colorado, to enact a consumer data privacy law, the Utah Consumer Privacy Act (the “UCPA”). The UCPA resembles Virginia’s Consumer Data Protection Act (“VCDPA”) and Colorado’s Consumer Privacy Act (“CPA”), and, to a lesser extent, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) (“CCPA/CPRA”). The UCPA will take effect on December 31, 2023.

On March 27, 2019, Utah Governor Gary Herbert signed HB57, the first U.S. law to protect electronic information that individuals have shared with certain third parties. The bill, called the “Electronic Information or Data Privacy Act,” places restrictions on law enforcement’s ability to obtain certain types of “electronic information or data” of a Utah resident, including (1) location information, stored data or transmitted data of an electronic device, and (2) data that is stored with a “remote computing service provider” (i.e., data stored in digital devices or servers).  The law provides for situations in which law enforcement may obtain such information without a warrant.