By: Drew Sorrell, Melody Lynch & Brian Lawrence
On Friday, April 30, Florida’s legislature closed its 2021 session without passing the much anticipated Florida Privacy Act. The Act largely failed to pass due to a disagreement between Florida’s house that wanted a private right of action included and the Florida Senate that wanted only Florida’s Attorney General to have enforcement rights. Given that both Republicans and Democrats supported the legislation, it is likely that another version of the Act will be taken up next year.
If the Act had passed, Florida would have been the third state to adopt such a comprehensive consumer privacy bill, joining California, which passed the California Consumer Privacy Act in 2018, and Virginia, which enacted the Virginia Consumer Data Protection Act on March 2, 2021. Washington state is likely to be the next state to pass comprehensive legislation. Europe previously implemented its General Data Protection Regulation in 2016, after which the California law is modeled.
If it had passed, the Florida bill likely would have covered entities that do business with Florida citizens and to which one of the following applied: met a revenue requirement regardless of number of records processed (e.g. $25 million), derived 50% or more of their revenue from processing such records, or that that bought, sold, or received a minimum number of records (e.g. 50,000 Florida residents, households or devices) annually. Given that the California version of this law has similar triggers, this trigger mechanism is likely to come back if Florida takes up the issue next year.