Utah - UCPA (Utah Consumer Privacy Act)

What is UCPA and how it works?

Utah made its mark as the fourth state in the United States to enact privacy legislation, joining the ranks of California (CCPA), Colorado (CPA), and Virginia (VCDPA). The Utah Consumer Privacy Act (UCPA) is slated to go into effect on December 31, 2023. 

Notably, Utah's privacy law stands out for its business-friendly approach and unique provisions.

Following the footsteps of other state-level regulations, the UCPA adopts an opt-out consent framework. By default, personal data can be collected, processed, sold, or utilized for targeted advertising without explicit consent from consumers, with the exception of minors. However, individuals retain the right to opt out of the sale or use of their data for targeted advertising if they prefer their data not to be processed.

Under the UCPA, personal data is defined as "information that is linked or reasonably linkable to an identified individual or an identifiable individual." Certain types of personal data, such as names or email addresses, directly identify individuals. However, other data, like IP addresses, may identify individuals when combined with additional personal information.

Although the Utah Consumer Privacy Act will not take effect until December 31, 2023, it is crucial for businesses to start preparing for compliance with cookie consent regulations by 2024. Companies should ensure proper storage and security of consumer data, taking into account cookie consent requirements. Developing a comprehensive privacy policy that meets the standards outlined in the legislation is also essential. By proactively addressing these changes, businesses will be well-prepared to comply with the upcoming Utah law and maintain user trust regarding cookie consent.

If you want to know more about the different regulations you can access our article "Laws and regulations for each region"

Cookie Banner to comply with UCPA Regulation

The UCPA mandates that controllers and processors prioritize transparency in their data processing practices. They are held accountable for providing clear and unambiguous privacy notices, which must be readily accessible to consumers. This includes incorporating essential information regarding data processing activities and the use of cookie banners to ensure transparency and informed consent.

• Provide Detailed Information About Cookie Use: The cookie banner should contain information about why the website uses cookies. For example, does it collect data for analytics, advertising, or social media purposes?
• Link to the Website’s Cookie Policy: Here the website will provide further information about the cookies in use on the site, including a list of all the cookies.
• Do Not Sell Button: Websites should include a link or a button on their homepage with the title “Do Not Sell My Personal Information.” The “Do Not Sell” page should include a link to the website’s privacy policy, as well as a button that lets them opt-out of personalized advertisements.

Observations: In this region, it needs to use illow's US Opt-out banner.

If you want to know the different types of banner cookies that you can find on our platform, access our article "Types of banners you will find on our platform"