By passing DPDPA, Delaware is the 11th state in the union to roll out personal data protection legislation after California. Other states with similar laws are Virginia, Colorado, Utah, Connecticut, Iowa, Indiana, Tennessee, Montana, Texas, and also Oregon.
The DPDPA was largely modeled on laws in Connecticut and also Virginia. However it is stricter than these or other US state laws, and also applies to a wider range of businesses.
By comparison, Delaware’s 35,000 consumer threshold is far lower than the 100,000 found in Colorado, Iowa, Indiana, and Oregon.
And for businesses selling personal data, the 10,000 threshold and 20% income share is far lower than, for instance, the 25,000/25% in Montana and 25,000/50% in Indiana.
That said, critics of the Delaware Personal Data Privacy law argue that Delaware will find it difficult to enforce the law.
This is because, unlike other state laws in the US, Delaware’s residents are unable to open a civil action against businesses for individual complaints. Instead, the Department of Justice will issue violation notifications to businesses, who then have 60 days to meet requirements.