The Florida Digital Bill of Rights (FDBR) establishes a framework for how personal data must be handled in Florida and sets out obligations for businesses while giving consumers greater control over their information. Are you ready to comply?
The Florida Digital Bill of Rights (FDBR) is one of many different state-level privacy laws in the United States. Coming into effect in 2024, the FDBR strengthens consumer privacy and data protection rights for Florida residents and is comparable to similar laws in other states. It also establishes data protection obligations for businesses that interact with Florida residents or conduct business in the state.
FDBR requires organizations to ensure:
Data security: Implement measures to protect data from unauthorized access
Data minimization: Only collect the data necessary to do the discrete, stated task
Transparency: Provide clear privacy notices
Third-party service provider management: Ensure vendor contracts are in line with FDBR and that third parties will support the obligation to meet and comply with FDBR
The bill only applies to larger businesses with over 1 billion USD in revenue or those that derive half their revenue from digital ad sales, operate digital distribution platforms, or home virtual assistants. The law requires these firms to deliver annual privacy notices outlining the sale of any sensitive or biometric data, giving consumers a clear picture of what personal data is being sold. Privacy laws frequently change, so it is prudent to align and comply regardless of whether it is required.
The FDBR is similar to other state-level privacy legislation, granting Florida residents the right to:
Confirm whether and how a business is processing their data
Request the deletion of personal data
Correct inaccuracies in their personal information
Obtain a copy of their personal data
Opt out of the collection or processing of sensitive data, such as precise geolocation information, and opt out of targeted advertising, data sales, or profiling based on their personal data
Under FDBR, businesses must obtain clear and informed user consent for cookies. Consent must be freely given and unambiguous, meaning pre-ticked boxes or implied consent won’t meet compliance standards. Cookie banners require clear visibility and simple language to explain cookie use and purposes, with users given the options to accept, reject, or manage their cookie preferences. It’s for this reason that consent management platforms like CookieHub are an essential tool to keep businesses on the right side of Florida’s regulations.
Penalties for failure to comply are more severe than in comparable state legislation, with fines up to 50,000 USD per violation, which can be tripled if the violation involves children’s data, a refusal to correct or delete personal data, or continued selling of data after an opt-out request. The law makes no provision for consumers to sue for violations; enforcement is undertaken by the state attorney general’s office. While most state privacy laws provide a cure period to give businesses time to rectify violations, the 45-day cure period in Florida is discretionary.
Businesses can also take additional steps to ensure compliance and a consent-first mindset:
Conduct data audits: Review current data practices to identify areas that need adjustment to align with FDBR
Update privacy policies: Revise privacy notices to clearly outline data practices, consumer rights, and how to exercise those rights
Implement consent management: Get effective management and control of cookie use with a comprehensive consent management platform like CookieHub
Employee training: Offer staff education programs on the importance of data privacy and FDBR compliance
FDBR gives consumers control of their personal data and imposes strict penalties for non-compliance. A comprehensive and flexible consent management platform (CMP) like CookieHub makes compliance easy. Get control of your cookies and consent management for compliance, consumer trust and peace of mind.
The FDBR applies to businesses and organizations that collect, process, or handle the personal data of Florida residents. It sets standards to protect digital privacy and consumer rights in the state of Florida.
Personal data refers to any information that can identify, relate to, describe, or be linked to an individual living in Florida. This includes names, addresses, email addresses, phone numbers, and other identifying details.
Sensitive data is a specific subset of personal data that includes highly private information such as social security numbers, financial account details, health records, biometric data, and precise geolocation information.
The Florida Attorney General’s office is the primary regulatory authority responsible for enforcing the Florida Digital Bill of Rights and overseeing compliance.
Certain entities such as government agencies, non-profit organizations, and businesses with minimal data processing activities may be exempt from some or all FDBR requirements. Specific exemptions are detailed in the law.
For more details, visit the official Florida Attorney General’s website or the dedicated FDBR page provided by the Florida government.