UCPA Compliance
Pandectes GDPR Compliance is designed to help Shopify Stores achieve compliance with the Utah Consumer Privacy Act (UCPA). Our advanced scanning capabilities identify cookies and tracking technologies, generating comprehensive reports that classify them in accordance with UCPA guidelines. Simplify your path to data privacy compliance with Pandectes GDPR Compliance.
What is UCPA?
The Utah Consumer Privacy Act (UCPA) is a data privacy law that safeguards the privacy rights of Utah residents and imposes obligations on companies operating in the state. Enacted on March 24th, 2022, the UCPA focuses on the sale of personal data and targeted advertising. It defines a sale as the exchange of personal data for monetary consideration to a third party, unlike the inclusion of non-monetary options in the CCPA and CPRA.
Unlike California’s CPRA, Utah’s law does not cover data sharing. However, targeted advertising, even though it involves monetary considerations, is not considered a direct transaction with the consumer. The UCPA follows an opt-out model, allowing the collection, sale, and use of personal data for targeted advertising without explicit consent, except when dealing with data belonging to children. In such cases, consent must be obtained from a parent or legal guardian. Consumers have the right to opt out of the sale of their data or its use for targeted advertising, and businesses must provide them with the option to do so, ensuring that their data is no longer used for those purposes once opted out.
Who does the UCPA apply to?
The Utah Consumer Privacy Act (UCPA) is applicable to both controllers and processors of personal data. According to the law, a controller is defined as a person conducting business within the state who decides the purposes and methods of processing personal data, regardless of whether this determination is made individually or in collaboration with others.
What happens if I don't comply with the UCPA?
Under the UCPA, enforcement occurs at multiple levels, with the Division of Consumer Protection collecting consumer complaints and investigating potential violations. If a controller or processor continues to violate UCPA provisions despite providing an express written statement, the attorney general has the authority to take enforcement action, which may result in fines of up to $7,500.
When will the UCPA go into effect?
Scheduled to take effect on December 31, 2023, the Utah Consumer Privacy Act (UCPA) serves as Utah’s data privacy law. It grants consumers certain rights while imposing obligations on businesses operating within the state.
Complying with the UCPA
The UCPA stands as one of the comprehensive data privacy laws, and other states, such as Indiana, Iowa, Tennessee, and Montana, are also introducing their own privacy bills. As businesses operate across multiple states, it becomes increasingly difficult to navigate and adhere to the intricate network of state data privacy laws.
Maintaining compliance begins with staying informed about the evolving legislation that may impact your company. Keeping track of these laws as they progress through state legislatures is essential. Subscribing to relevant newsletters and resources can be helpful.
When a new law is enacted but not yet in effect, it is advisable to review its text in collaboration with legal counsel. They can assess your compliance status and provide guidance on necessary actions.
To streamline the data compliance process, consider utilizing a Consent Management Platform (CMP) like Pandectes GDPR Compliance. A CMP relieves the burden on your team by offering customizable consent management, automation of data subject access requests, and tools for cookie & vendor management. Pandectes GDPR Compliance is specifically designed for Shopify Stores and is ready to assist you in achieving and maintaining compliance within the ever-changing landscape of data privacy.