The Democratic senators, Rosemary Bayer, and eight others presented Senate Bill 1182 on September 27, 2022, enacting the Michigan Personal Data Privacy Act. The Senate Energy and Technology Committee in Michigan is considering the bill as the legislature continues to be in session for the rest of the year.
The Goals of the Michigan Personal Data Privacy Act
The preamble of the act outlines the goal of the legislation, which includes the following:
- Protect consumers’ privacy rights
This act aims to protect consumers’ privacy rights under its jurisdiction, offering Michigan residents greater protection. You must provide specific notices to your consumers on processing and selling their data. You must outline how and why you process their personal information and to whom you sell it.
These requirements not only inform your consumers how you use and share their information with third parties but also keep you transparent and accountable. So, you will not manage data carelessly and create an effective data storage management system to avoid violating the requirements.
- Prohibit abusive practices on personal data
Another goal of the act is to prohibit abusive actions and practices regarding the processing and selling of personal data. You must follow the established standards and procedures when dealing with personal data to avoid the exploitation of the privacy of consumers by selling their data to make money.
- Define the powers and duties of state officers
The Michigan Personal Data Privacy Act seeks to define the powers and duties of state officers and state government entities. It assigns them more rights, powers, and responsibilities in monitoring the activities and actions of companies as they protect the consumers in their jurisdiction.
- Establish funds and remedies
This act aims to establish funds and remedies in case of violations, which help motivates businesses to comply with it and protect personal data.
Who is affected by the Michigan Personal Data Privacy Act?
The Michigan Personal Data Privacy Act applies to any entity that operates in Michigan or provides a product or service available to Michigan residents. The entity must meet at least one of these criteria:
- Processes or collects personal information of at least 100,000 consumers, or
- It collects, processes, and sells personal data from over 25,000 consumers while earning 50% gross revenue from selling personal data annually.
Consumer Rights under the Michigan Personal Data Privacy Act
The Michigan Personal Data Privacy Act aims to control how businesses handle private information about consumers. Under this act, Michigan consumers enjoy the following rights:
Right to disclosure: Consumers will have the right to consent to collecting and processing their data at their request.
Right to deletion: Consumers can ask for their data to be deleted.
Right to notice: Consumers are entitled to know what personal information is being collected and its intended use.
Right to correction: The consumer is entitled to correct any personal data inaccuracies.
Right to opt-out: Consumers can opt-out of having their data processed for the sale of personal data, targeted advertising, or profiling with legal consequences.
Personal Data Processing May Require Opting In
While it’s premature to predict the exact course of action for this potential requirement, consumers can opt-out of processing personal information in the act. Section 7(1)(a) requires a controller to obtain a consumer’s consent before processing sensitive personal data.
In this case, consent requirements will be stringent, exceeding General Data Protection Regulation requirements. It will be interesting to see how the act works out, but you should consider it part of your compliance strategy.
Penalties for Violation
If you violate the act and fail to remedy it within 30 days, you will receive a $7,500 fine for each offense. In the case of an improper registration with the Attorney General, the penalty maybe $100 per day. Additionally, the legislation provides a private right of action for damages, injunctions, and other relief determined by a judge.
Conclusion
The Michigan Personal Data Privacy Act aims to protect consumers’ privacy rights, with entities having legal requirements and penalties for violating the law. This act represents a more rigorous approach to collecting and managing personal information.