California claims the digital privacy top spot once again in the Private Internet Access ranking of US States

2nd annual privacy report sees Arkansas, Mississippi and Louisiana amongst the states who have fallen in the rankings due to a lack of commitment to improve privacy legislation.

Denver, Colorado – Private Internet Access, VPN provider and online privacy advocate, has released a new report that exposes the stark imbalance of digital privacy protection across the US. The authors call for a united approach in shaping comprehensive digital privacy laws across the nation.

California secured its spot as the top-ranking state with superior privacy laws and substantial investments in digital privacy and cybersecurity. A trailblazer, California enacted the California Consumer Privacy Act in 2020, spearheading a comprehensive data privacy law for other States to follow. The California Privacy Protection Agency (CPPA) has remained dedicated to fortifying online privacy and implemented revised CCPA Regulations effective from March 29, 2023.

California also has advanced privacy laws covering data handling, mandatory data breach notifications, sharing consumer information for marketing purposes and recording of telephone conversations. The upcoming California Age-Appropriate Design Code Act, effective from July 1 2024, also showcases California’s continued commitment to digital privacy and data protection for both children and adults.

Connecticut, Colorado and Virginia also received high praise for their comprehensive data privacy laws, clear data-sharing policies and proactive approach to data breaches, as well as for their investment in digital security.

The report highlighted concern over several states lagging behind in protecting online privacy. Arkansas, Mississippi, and Louisiana were the worst performing States, receiving poor rankings due to their lack of progress in enacting new laws to protect consumer data and privacy. Worse yet, these states also introduced measures with detrimental effects on digital privacy, such as laws mandating digital age verification for accessing adult content online. These ill-conceived measures expose citizens to extensive data collection and heightened privacy risks.

This trend, which showed certain states drifting further from the pursuit of improved digital privacy, implementing measures which both restrict digital freedom and disregard the data privacy of citizens, was highlighted in PIA’s study. Such laws were often passed under the guise of online safety for minors or improved data security against foreign-owned companies. Besides new age verification laws, the Montana TikTok ban and ongoing debates surrounding its enforcement, pose serious implications for citizens’ privacy and digital freedom.

The report underscores the pressing need for comprehensive online privacy protection across the United States, as gaps in privacy safeguards persist. These gaps create opportunities for data breaches and for unscrupulous actors to exploit sensitive information.The American Data Privacy and Protection Act (ADPPA), still under consideration by Congress, could represent a crucial step toward addressing these concerns.The bill is the closest the U.S. Congress has ever been to passing comprehensive federal privacy legislation. If successful, the bill would establish stringent requirements for how companies handle personal data, offering crucial safeguards for individuals’ privacy rights in the digital age.

Charlotte Scott, Digital Rights Advocate at Private Internet Access, remarked:

“In an increasingly digital era where so much information about our lives is now online, it is vital that all states recognize the importance of digital privacy for their citizens. The American Data Privacy and Protection Act could be a critical step forward in addressing this pressing need. We need robust requirements for how companies handle personal data, and policymakers must uphold the privacy rights of individuals and acknowledge the significance of data protection in our society. Through enhanced regulations and compliance measures, we can establish a brighter digital future, one where privacy is respected, and individuals can trust in the security of their digital lives in the United States.”

Private Internet Access aims to raise awareness about ongoing digital privacy issues through this report, empowering citizens to advocate for stronger digital security and privacy protection.

Read the report and see the full rankings here.

NOTES TO EDITOR

PIA’s 2023 ranking grid, supporting infographics and high res versions of PIA’s logo can be found here.

Contact

The Private Internet Access press team at press@privateinternetaccess.com.

About PIA

Private Internet Access (PIA) is the world’s most transparent VPN provider, with over 30 million downloads. PIA never records or stores user data, and transparency is a guiding principle. PIA publishes regular transparency reports and its no-logs policy has been proven multiple times in court. It also undergoes independent audits to review its no-logs policy, most recently by Deloitte in 2022. PIA has a world-class, next-gen server infrastructure covering over 84 countries and each and every US state. PIA has been part of Kape Technologies since 2019. To learn more about PIA, visit https://www.privateinternetaccess.com/ or follow us on Twitter.

Methodology

PIA’s researchers looked at the following criteria to determine which states had the best and worst online privacy protections in place and to ascertain which states were making the best progress towards improving consumer privacy. For each criteria, a specific set of questions was answered and the results were tallied for each state.

• General Strength of Privacy Laws

• Does the State have a comprehensive data privacy law in place?
• Does the consumer have a right to access, delete, or modify personal data?
• Can consumers optout of data collection and use?
• Are companies required to disclose data collection, source, and use information?
• Are ISPs required to protect online privacy under current legislation?

• General Strength of Data Security Laws

• What do companies in each state have to do to safeguard consumer data?
• What methods are in place to create and enforce privacy policies?

• Presence of Data Broker Laws

• Do laws exist to monitor/regulate what type of information is collected?
• Do laws exist that prevent them from selling certain forms of information?
• Do consumers have adequate rights Regarding Data Brokers?

• Laws in Place to Protect Children’s Privacy

• Are laws in place to protect the digital privacy of children age K9?
• Do parents/minors have the ability to remove data on request?

• Strength of Employee Data Collection Policies

• Are companies required to disclose what employee data they collect/store?

• Do employees have the right to delete personal data on request?
• Do employees have the right to opt out of third party sharing?

• Laws that infringe on digital privacy

• Has the State implemented any laws that infringe on digital privacy?
• Have State legislators been vocal in their support of further legislation that would harm citizens’ rights to online privacy?