Understanding Florida's Digital Bill of Rights

Explore the Florida Digital Bill of Rights (FDBR), what sets it apart from other state privacy laws, and how CookieHub can help businesses stay compliant.

A Guide to the Florida Digital Bill of Rights (FDBR)

Trusted and used by 25,000+ websites and great companies across the world.

Monday.com
Semrush
Dealfront
Yotpo.com
Tixly.com
Cookie Preferences

What your business needs to know

Effective July 1st, 2024, the Florida Digital Bill of Rights (FDBR) is designed to strengthen consumer privacy and data protection for residents of Florida—and follows in the wake of comparable legislation in other states. Establishing a framework for how personal data must be managed in Florida, the Bill sets out obligations for businesses handling personal data and grants consumers greater control over their information. In this article, we’ll take a look at what the Bill says and how businesses that serve Florida residents can stay compliant.

What sets FDBR apart from other state privacy laws?

The Florida Digital Bill of Rights covers many of the same privacy bases as other state legislations, granting Florida residents the right to: 

  • Confirm whether a business is processing their data and gain access to it.
  • Correct any inaccuracies in their personal information.
  • Request the deletion of personal data that was provided or collected about them.
  • Obtain a copy of their personal data.
  • Opt out of targeted advertising, data sales, or profiling based on their personal data.
  • Opt out of the collection or processing of sensitive data, such as precise geolocation information.

However, the Bill only applies to larger businesses—those with over $1 billion in revenue or those that derive half their revenue from digital ad sales, operate digital distribution platforms or home virtual assistants. The law requires these firms to deliver annual privacy notices outlining the sale of any sensitive or biometric data, giving consumers a clear picture of what personal data is being sold.

FDBR sets out a number of additional requirements: 

  • It grants consumers the right to opt out of voice and facial recognition data collection and prohibits data collection when voice-activated devices are not in use unless authorized.
  • It restricts government moderation of social media platforms, prohibiting any agreements designed to influence content.
  • The Bill places stringent rules on online services accessed by children, prohibiting potentially harmful data processing.
  • It mandates that search engines provide clear descriptions of the key factors influencing search result rankings, including the role of political partisanship.

The entities exempt from the FDBR include state agencies, financial institutions regulated by the Gramm-Leach-Bliley Act (GLBA), HIPAA-covered entities, non-profit organizations, and higher educational institutions.

FDBR compliance

Why are cookies important for FDBR compliance?

Under FDBR, businesses must obtain clear and informed user consent for the use of cookies. Consent must be freely given and unambiguous, meaning pre-ticked boxes or implied consent won’t meet compliance standards. Cookie banners require clear visibility and simple language to explain cookie use and purposes, with users given the options to accept, reject, or manage their cookie preferences. It’s for this reason that consent management platforms like CookieHub are an essential tool to keep businesses on the right side of Florida’s regulations.

Penalties for non-compliance

Similar to other privacy laws, FDBR doesn’t allow consumers to sue for violations, with enforcement undertaken by the Attorney General’s Office. Penalties under FDBR are far more severe than other state regulations, however, with fines of up to $50,000 per violation. These penalties can be tripled if the violation involves children’s data, refusal to correct or delete personal data, or continued selling of data after opt-out requests.

Unlike other state privacy laws that mandate cure periods during which businesses can rectify violation, FDBR’s 45-day cure period is discretionary, with Florida’s Attorney General deciding whether to grant this period or not.

Penalties and Fines

How to comply with FDBR

To comply with FDBR, businesses should take the following steps:

  • Conduct data audits
    Review current data practices to identify areas that need adjusting to align with FDBR.
  • Update privacy policies:
    Companies should revise their privacy notices to clearly outline data practices, consumer rights, and how to exercise those rights.
  • Implement consent management:
    Consent management platforms like CookieHub provide businesses with an effective and transparent way to manage cookie use.
  • Employee training:
    Businesses should initiate staff education programs on the importance of data privacy and FDBR compliance.

How CookieHub can help

CookieHub is a comprehensive consent management platform that streamlines the consent process for businesses. Automating everything from obtaining and managing to storing user consent, it’s a simple and effective way for businesses to remain compliant with state and federal laws.

Our platform scans and categorizes cookies, providing clear declarations through a user-friendly widget. With affordable plans starting at €8 per month and free options for sites with up to 5,000 sessions, CookieHub isn’t just an effective way for businesses to maintain compliance, it’s a remarkably affordable one too.

To find out more about CookieHub and how our consent management platform can keep your website compliant, contact us here.

Start 30 day free trial
Cookie Scanner

Are you compliant?

Our completely free tool will generate a detailed list of all cookies currently in use, along with valuable information about their purpose.

Sales & Support