Crime & Safety
NJ Redefines Personal Data In New Protection Proposal
The measures are meant to better protect consumers, whether they are shopping or just browsing the news online.
NEW JERSEY - Redefining what constitutes personal data is part of a series of new protection measures proposed under the New Jersey Data Privacy Act.
The measures, presented by the New Jersey Division of Consumer Affairs earlier this month, are meant to better protect consumers, whether they are shopping or just browsing the news online, from their data being collected, shared and sold.
According to Attorney General Matthew J. Platkin, “the proposed rules advance consumer privacy protections by requiring internet websites, online providers, and other entities to fully disclose to consumers how their private data will be used, notify consumers of their data privacy rights, and provide them with information on how to exercise those rights.”
Find out what's happening in Across New Jerseyfor free with the latest updates from Patch.
Under the NJDPA that Governor Phil Murphy signed into law in 2024, online operators, or "controllers," that gather customer information during business transactions are required to notify consumers of the collection and disclosure of personal information to other third parties. They are also mandated to provide consumers with an ability to opt-out of that collection or disclosure.
Find out what's happening in Across New Jerseyfor free with the latest updates from Patch.
Like other states, New Jersey privacy laws define personal data as "any information that is linked or reasonably linkable to an identified or identifiable person." These new measures elaborate further, saying what can be "reasonably linkable" are traits that can identify a person or device when aggregated with other data, included, but not limited to:
- full name
- mother’s maiden name
- telephone number
- IP address or other unique device identifiers
- place of birth
- date of birth
- geographical details (for example, zip code, city, state or country)
- employment information
- username, email address, or any other account holder identifying information (including, but not limited to, identifying information related to social media accounts)
- mailing address
- race, ethnicity, sex, sexual orientation, or gender identity
The proposed rules also refer to the state's obligation to safeguard personal data as a “duty of care,” which could create a basis for litigation despite the prohibition on private rights of action under the NJDPA, according to The National Law Review.
"Consumers in New Jersey deserve to know exactly when and how their information is used,” said Governor Phil Murphy.
New Jersey’s Acting Director of the Division of Consumer Affairs, Elizabeth M. Harris, echoed the concern and outlined, "a growing sense of helplessness among consumers who do not want their data collected but feel powerless to stop it. The rules we are proposing . . . empower consumers to reclaim control over their personal data, including how and when it is collected, shared, or sold.”
MORE FROM PATCH: DOGE Gets Access To Social Security Data: What NJ Residents Should Know
The proposed rules also entail further compliance obligations for data collection relating to maintaining a data inventory, processing sensitive data and consent when dealing with a child's sensitive information.
There is a 60-day public comment period for written concerns on the proposed rules that ends on August 1, 2025. After this period, the New Jersey Division of Consumer Affairs will review the comments that were submitted, and the rules will become final when after a Notice of Adoption is published, which is expected sometime in 2026.
Get more local news delivered straight to your inbox. Sign up for free Patch newsletters and alerts.
