惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
T
Tenable Blog
D
DataBreaches.Net
GbyAI
GbyAI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
腾讯CDC
V
Visual Studio Blog
B
Blog
雷峰网
雷峰网
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
I
InfoQ
M
MIT News - Artificial intelligence
有赞技术团队
有赞技术团队
T
Tailwind CSS Blog
The Cloudflare Blog
L
LangChain Blog
MongoDB | Blog
MongoDB | Blog
Vercel News
Vercel News
Cloudbric
Cloudbric
L
Lohrmann on Cybersecurity
博客园 - 司徒正美
T
The Exploit Database - CXSecurity.com
Google DeepMind News
Google DeepMind News
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Attack and Defense Labs
Attack and Defense Labs
Martin Fowler
Martin Fowler
SecWiki News
SecWiki News
T
Threat Research - Cisco Blogs
J
Java Code Geeks
Cyberwarzone
Cyberwarzone
Forbes - Security
Forbes - Security
Spread Privacy
Spread Privacy
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
大猫的无限游戏
大猫的无限游戏
O
OpenAI News
D
Darknet – Hacking Tools, Hacker News & Cyber Security
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Schneier on Security
Schneier on Security
S
Security @ Cisco Blogs
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
H
Help Net Security
Y
Y Combinator Blog
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tor Project blog
量子位
U
Unit 42
S
SegmentFault 最新的问题
V
V2EX
D
Docker

Compliance Solutions for Websites, Apps and Organizations | iubenda

AI can build your website. It can't manage your consent. | iubenda Browser signals and machine-readable consent: what they are and what the EU’s Digital Omnibus could change California Consumer Privacy Act (CCPA): Complete Guide How to increase your cookie banner opt-in rates: 5 mistakes to fix today | iubenda DPO Newsletter: Global Data Protection & Privacy News (issue #153) Why your consent management setup is a marketing performance question Everything you need to know about GDPR The redesigned cookie banner and configurator What nobody tells you about handing over the company you built European marketers are betting on retention. Privacy could be the edge they’re not using yet. The 5 best alternatives to Didomi in 2026: Pros, cons, pricing, and comparison Looking back on 15 years: what iubenda's founder would tell his 2011 self | iubenda The best cookie policy generator in 2026 DPO Newsletter: Global Data Protection & Privacy News (issue #152) | iubenda What publishers should expect from the EU’s Digital Omnibus proposal Uncertainty is the biggest blocker to AI adoption in marketing | iubenda Everything AI app builders need to know about vibecoding and privacy compliance | iubenda Introducing 1-Click Embedding for Google Tag Manager The Essential Small Business Terms and Conditions Template: What You Need to Know Terms of Use Template | iubenda IAB Europe Raises Concerns Over GDPR Procedural Regulation Draft Report | iubenda Learn from HelloFresh's Costly Mistake: Ensure Compliance with iubenda | iubenda Understanding the Spanish DPA Guide on Audience Measurement Cookies | iubenda The Austrian Data Protection Authority's FAQs on Cookies and Privacy | iubenda DPO Newsletter: Global Data Protection & Privacy News (issue #127) | iubenda Microsoft Ensuring European Data Stays Within the EU Cloud Boundary | iubenda Businesses Beware: ICO’s Record £14.3m in Fines for Data Misuse in 2023 Understanding the Risks and Responsibilities of Model-as-a-Service Companies in AI Development Facebook's New “Link History” Feature: A Blend of Convenience and Surveillance? | iubenda OpenAI’s Strategic Move in the EU: Aligning with Data Privacy Regulations TikTok Faces Lawsuit Over Tracking Non-Users What’s the Digital Markets Act (DMA) and how will it affect you? | iubenda Simplifying Cookie Consent: The European Commission's Approach | iubenda Google Settles Landmark Privacy Lawsuit for $5 Billion | iubenda Navigate GDPR Compliance with Confidence: Lessons from Recent Fines in Italy Simplifying the Commission's New Reporting Template for Digital Market Gatekeepers | iubenda Understanding the GDPR Complaint Against X (Twitter) for Illegal MicroTargeting | iubenda Spanish Media Giants Take On Meta in a Groundbreaking $600 Million Lawsuit | iubenda DPO Newsletter: Data Protection & Privacy News (issue #126) | iubenda Belgian DPA Mandates Cookie Banner Changes for Major Media Websites | iubenda UK's Top Websites Warned by ICO to Revise Cookie Practices | iubenda Understanding the European Union's Data Act | iubenda Google Announces Consent Mode v2 – here’s what it means for your business and advertising Noyb Challenges EU Commission Over Controversial Ad Campaign | iubenda OECD Updates AI Definition: A Step Forward in Shaping EU’s AI Law Firefox To Introduce Simplified Global Privacy Control Berlin Court Cracks Down on LinkedIn’s Privacy Violations The YouTube Ad Blocker Controversy: A Test of the ePrivacy Directive? | iubenda DPO Newsletter: Data Protection & Privacy News (issue #125) Facebook and Instagram Subscription: Meta adds a paywall | iubenda GDPR Violation: Lack of Transparency in Data Processing via Google Fonts Amazon Introduces AWS European Sovereign Cloud to Address EU Regulations | iubenda Texas New Data Privacy Law TDPSA: Everything you need to know How to Make Money with a Website Without Selling Anything Oregon Consumer Privacy Act: Overview | iubenda Google’s Move to Disable Third-Party Cookies: What Advertisers Need to Know IMY Fines H&M for GDPR Violations: A Closer Look EU Commission Requests Information from X Under Digital Services Act: What You Need to Know | iubenda Understanding California’s “Delete Act” and Data Broker Regulations TCF v 2.2 Initial Layer (Banner) Requirements | iubenda Grindr Faces €5.8 Million Fine: A Reminder on the Importance of GDPR Compliance | iubenda Newly Enacted Iowa Consumer Data Protection Act (ICDPA) | iubenda The Witch’s Brew of Privacy: A Halloween Tale of Compliance and Consequences IAB TCF 2.2 – What you need to do DPO Newsletter: Data Protection & Privacy News (issue #124) Blog Ideas That Make Money: How To Make Money From Your Blog + Examples | iubenda Maximize your Growth with Online Presence Management | iubenda Meta's New Pivot in Europe: To Pay or Not to Pay for an Ad-Free Experience? | iubenda Consumer Reports Launches Free ‘Permission Slip’ App to Protect Your Data | iubenda DAZN’s Access Request Saga Personal Brand Logo: How to Stand Out in a Crowded Marketplace UK-US Data Bridge: A New Era for Secure Data Transfers 7 Ways How to Promote Affiliate Links Effectively (And Boost Commissions) | iubenda Mastering LinkedIn Personal Branding: A Guide to More Opportunities Meta's New Approach: Pay for Your Privacy? | iubenda No Return, No Refund Policy Template & Guide GDPR in the US: a GDPR Checklist for US Companies Crafting a Niche with Branding and Identity Design | iubenda The Online Safety Bill: A Leap Towards a Safer Digital United Kingdom Understanding Google's $93m Settlement over Consumer Location Data Accusations | iubenda CCPA vs CPRA: Key Differences You Need to Know | iubenda How To Use Ecommerce Retargeting to Grow Your Business | iubenda PECR: Everything you need to know | iubenda How Mobile Apps Illegally Share Your Personal Data: A Deep Dive | iubenda Legal Spotlight: Privacy Concerns Surrounding OpenAI’s ChatGPT and Microsoft’s Involvement Legal Scrutiny Looms Over Transatlantic Data Deal: French MEP Takes Action Understanding the Digital Markets Act: A Comprehensive Guide Block AI Crawlers: Here’s How To Stop Your Site From Being Used for AI Training (OpenAI and Google Bard Irish Regulator Slaps $368M Fine on TikTok DPO Newsletter: Data Protection & Privacy News (issue #123) | iubenda The Privacy Pitfalls of Vehicle Data Collection: What You Need to Know | iubenda Twitter customer’s data on the menu for xAI models Update: Revised Swiss Privacy Law Takes Effect Fitbit and the GDPR Hurdle: What You Need to Know About Your Data Privacy | iubenda Terms of Service Template for your site | iubenda Senators Urge FTC to Investigate YouTube and Google for Violating Children's Privacy: What You Need to Google AdSense Requirements: Here's What You Need to Know | iubenda Users can’t opt out from marketing emails: FTC fines Experian $650,000 | iubenda DPO Newsletter: Data Protection & Privacy News (issue #122) | iubenda 7 Ways Business Process Automation Can Increase Your Profits
Understanding the Montana Consumer Data Privacy Act (MTCDPA)  | iubenda
Jessica Ryder · 2024-02-15 · via Compliance Solutions for Websites, Apps and Organizations | iubenda

Montana has stepped up with its Consumer Data Privacy Act (MTCDPA), which took effect on October 1, 2024. 

This legislation aims to give Montana residents more control over their personal data, ensuring their privacy in a rapidly evolving digital world. 

Montana Consumer Data Privacy Act

What is Sensitive Data?

Under the MTCDPA, sensitive data refers to personal information that is more private and includes details such as:

  • Racial or ethnic origin, religious beliefs, mental or physical health conditions, sexual orientation, and citizenship or immigration status.
  • Genetic or biometric data used for unique identification.
  • Information collected from children.
  • Precise locations of individuals.

Who Needs to Comply with the Montana Consumer Data Privacy Act?

The act applies to businesses operating in Montana or targeting its residents, with specific criteria:

  • Those controlling or processing the personal data of at least 50,000 consumers (not including data for payment transactions). OR
  • Businesses controlling or processing data of at least 25,000 consumers and earning more than 25% of their gross revenue from selling personal data.

Non-profits and certain other entities are exempt from this law.

Consumer Rights Under the MTCDPA

People of Montanan have the following rights regarding their data:

  1. Right to Know and Access: You can ask businesses if they’re processing your data and access it.
  2. Data Portability: Obtain a copy of your data in a format that’s easy to transfer to another service.
  3. Correction: Request updates or corrections to inaccurate personal data.
  4. Deletion: Ask for your data to be deleted.
  5. Opt-Out Rights: Choose to opt out of targeted advertising, the sale of your data, and certain profiling activities.
  6. Non-Discrimination: Businesses can’t discriminate against you for exercising your privacy rights.

As a business operating under the Montana Consumer Data Privacy Act (MTCDPA), it is imperative to establish and communicate secure and reliable methods for consumers to exercise their privacy rights. This includes the submission of requests regarding their personal data without the necessity for them to create an account. However, if a consumer already has an account with your business, you are encouraged to facilitate the submission of requests through that account.

It is also important to acknowledge that parents and legal guardians have the right to submit requests on behalf of their children, ensuring their privacy is protected under the act.

Upon receiving a consumer request, your business is obligated to respond within 45 days. 
This timeframe may be extended under specific circumstances, provided that the consumer is notified of the extension and the reasons for the delay within such term. Furthermore, in the case of appeals against decisions made in response to their requests, your business must ensure that these are processed, and a conclusion is reached within 60 days.

Business Obligations Under the MTCDPA

Businesses must:

  1. Obtain consent for processing personal data outside the stated purposes in their privacy policy, processing sensitive data, and selling data or performing targeted advertising to young consumers (13–16 years old).
  2. Comply with the Children’s Online Privacy Protection Act (COPPA) for processing children’s data.
  3. Provide clear privacy notices detailing the categories of personal data processed, purposes, sharing practices, contact information, and how to exercise your rights.
  4. Conduct data protection assessments for risky processing activities.
  5. Recognize and honor universal opt-out signals. 

See below for a more in-depth review of what this means for your business 👇

1. Consent for Data Processing

Businesses are required to obtain explicit consent from consumers for several key activities:

  • Processing Personal Data Beyond Privacy Policy Purposes: If personal data is to be processed for reasons not initially disclosed in the business’s privacy policy, nor reasonably necessary to or compatible with the purposes specified in the privacy policy, explicit consent from the consumer is necessary.
  • Handling Sensitive Data: Before processing sensitive data, businesses must secure explicit consent. Sensitive data includes information on racial or ethnic origin, religious beliefs, health conditions, sexual orientation, citizenship status, genetic, biometric data, children’s data, and precise geolocation.
  • Targeted Advertising and Data Sales to Young Consumers: For consumers between 13 and 16 years old, businesses must obtain consent before engaging in targeted advertising or selling their data.

2. Compliance with COPPA

Businesses must ensure that their data processing practices concerning children’s data comply with the Children’s Online Privacy Protection Act (COPPA). This involves obtaining verifiable parental consent before collecting, using, or disclosing personal information from children under 13 and adhering to COPPA’s stringent requirements for protecting children’s online privacy.

3. Privacy Notices

Businesses are required to provide detailed and accessible privacy notices that include:

  • Categories of Processed Data: Clearly state the types of personal data that the business processes.
  • Processing Purposes: Explain the purposes for which personal data is processed.
  • Data Sharing Practices: Disclose any categories of personal data shared with third parties, including the types of third parties with whom the data is shared.
  • Contact Information: Offer a direct means of communication (e.g., an email address) for consumers to reach out with questions or requests regarding their data.
  • Exercising Consumer Rights: Outline the processes for consumers to exercise their rights under the MTCDPA, including how to access, correct, delete their personal data, or opt out of certain processing activities.
  • Appeal Process: Inform consumers about the appeal process in case their requests are denied, ensuring transparency and recourse.

4. Data Protection Assessments

For activities that present a heightened risk of harm to consumers (such as processing sensitive data, targeted advertising, and profiling), businesses must conduct and document data protection assessments. These assessments are crucial for identifying and mitigating risks to consumer privacy and data security.

5. Universal Opt-Out Recognition

Starting January 1, 2025, businesses will be required to recognize and honor universal opt-out signals from consumers electing to opt out of the sale of their personal data or targeted advertising. 

This means businesses must be technologically equipped to automatically process these opt-out requests without requiring further action from consumers.

Stay compliant with iubenda

The MTCDPA isn’t the only US privacy law you need to care about — there are others that are already being enforced

Start now!