Privacy & Information Security Law Blog

Last week, Utah Governor Spencer J. Cox signed three privacy-related bills into law. The bills are focused on, respectively, protection of motor vehicle consumer data, regulations on social media companies with respect to minors, and access to protected health information by third parties. The Utah legislature appears to be focused on data-related legislation this session, as Governor Cox signed two other bills related to AI into law last week as well.

The Governor signed Senate Bill (SB) 215, the Motor Vehicle Consumer Data Protection Act, on March 13, 2024, into law. SB 215 becomes effective on May 1, 2024. SB 215 provides requirements for, and restrictions on, vendor management for connected, or “smart,” vehicles. These include parameters for contracts related to protected data.

On March 13, 2024, the Governor signed SB 194, the Social Media Regulation Amendments, into law. SB 194 amends Utah’s Minor Protection in Social Media Act by requiring social media companies to implement age verification systems and parental controls on minor accounts. As part of the age verification requirements, SB 194 gives social media companies 30 days to respond to a request by account holders to appeal the age designation provided to them. The law also requires social media companies to set default privacy settings and disable features that prolong user engagement. SB 194 goes into effect on October 1, 2024.

Finally, on March 14, 2024, the Governor signed House Bill (HB) 427 on Access to Protected Health Information into law. HB 427, effective May 1, 2024, clarifies the rights and obligations of individuals involved in a third-party request for medical records or payment and balance information (e.g., with respect to patients, health care providers and third-party service providers). HB 427 also establishes penalties for failure to fulfill a request for payment and balance information.