CookieHub Logo

Florida Digital Bill of Rights (FDBR) cookie consent and compliance

The Florida Digital Bill of Rights (FDBR) establishes a framework for how personal data must be handled in Florida and sets out obligations for businesses while giving consumers greater control over their information. Are you ready to comply?

30 day free trial

No credit card required

What your business needs to know about FDBR

What your business needs to know about FDBR

The Florida Digital Bill of Rights (FDBR) is one of many different state-level privacy laws in the United States. Coming into effect in 2024, the FDBR strengthens consumer privacy and data protection rights for Florida residents and is comparable to similar laws in other states. It also establishes data protection obligations for businesses that interact with Florida residents or conduct business in the state.

What does FDBR compliance require?

FDBR requires organizations to ensure:

Data security:

Implement measures to protect data from unauthorized access

Data minimization:

Only collect the data necessary to do the discrete, stated task

Transparency:

Provide clear privacy notices

Third-party service provider management:

Ensure vendor contracts are in line with FDBR and that third parties will support the obligation to meet and comply with FDBR

Who needs to comply with FDBR?

Who needs to comply with FDBR?

The bill only applies to larger businesses with over 1 billion USD in revenue or those that derive half their revenue from digital ad sales, operate digital distribution platforms, or home virtual assistants. The law requires these firms to deliver annual privacy notices outlining the sale of any sensitive or biometric data, giving consumers a clear picture of what personal data is being sold. Privacy laws frequently change, so it is prudent to align and comply regardless of whether it is required.

Consumer rights under the FDBR

The FDBR is similar to other state-level privacy legislation, granting Florida residents the right to:

Why cookies as part of FDBR compliance

Why cookies as part of FDBR compliance

Under FDBR, businesses must obtain clear and informed user consent for cookies. Consent must be freely given and unambiguous, meaning pre-ticked boxes or implied consent won’t meet compliance standards. Cookie banners require clear visibility and simple language to explain cookie use and purposes, with users given the options to accept, reject, or manage their cookie preferences. It’s for this reason that consent management platforms like CookieHub are an essential tool to keep businesses on the right side of Florida’s regulations.

Penalties for FDBR non-compliance

Penalties for FDBR non-compliance

Penalties for failure to comply are more severe than in comparable state legislation, with fines up to 50,000 USD per violation, which can be tripled if the violation involves children’s data, a refusal to correct or delete personal data, or continued selling of data after an opt-out request. The law makes no provision for consumers to sue for violations; enforcement is undertaken by the state attorney general’s office. While most state privacy laws provide a cure period to give businesses time to rectify violations, the 45-day cure period in Florida is discretionary. 

How to comply with the FDBR

Businesses can also take additional steps to ensure compliance and a consent-first mindset:

Conduct data audits:

Review current data practices to identify areas that need adjustment to align with FDBR

Update privacy policies:

Revise privacy notices to clearly outline data practices, consumer rights, and how to exercise those rights

Implement consent management:

Get effective management and control of cookie use with a comprehensive consent management platform like CookieHub

Employee training:

Offer staff education programs on the importance of data privacy and FDBR compliance

How CookieHub can help with FDBR compliance

FDBR gives consumers control of their personal data and imposes strict penalties for non-compliance. A comprehensive and flexible consent management platform (CMP) like CookieHub makes compliance easy. Get control of your cookies and consent management for compliance, consumer trust and peace of mind.

Frequently Asked Questions

The FDBR applies to businesses and organizations that collect, process, or handle the personal data of Florida residents. It sets standards to protect digital privacy and consumer rights in the state of Florida.

Personal data refers to any information that can identify, relate to, describe, or be linked to an individual living in Florida. This includes names, addresses, email addresses, phone numbers, and other identifying details.

Sensitive data is a specific subset of personal data that includes highly private information such as social security numbers, financial account details, health records, biometric data, and precise geolocation information.

The Florida Attorney General’s office is the primary regulatory authority responsible for enforcing the Florida Digital Bill of Rights and overseeing compliance.

Certain entities such as government agencies, non-profit organizations, and businesses with minimal data processing activities may be exempt from some or all FDBR requirements. Specific exemptions are detailed in the law.

For more details, visit the official Florida Attorney General’s website or the dedicated FDBR page provided by the Florida government.

©2025 CookieHub ehf.