Data Privacy Rights in New Jersey

Source: Federal: FTC Act § 5 (15 U.S.C. § 45), HIPAA (42 U.S.C. § 1320d), COPPA (15 U.S.C. §§ 6501–6506), FERPA (20 U.S.C. § 1232g), GLBA (15 U.S.C. §§ 6801–6809). State: California Consumer Privacy Act/CPRA (Cal. Civ. Code § 1798.100 et seq.), Colorado Privacy Act (C.R.S. § 6-1-1301 et seq.), Connecticut Data Privacy Act (Conn. Gen. Stat. § 42-515 et seq.), Virginia Consumer Data Protection Act (Va. Code § 59.1-575 et seq.), Texas Data Privacy and Security Act (Tex. Bus. & Com. Code Ch. 541).

Last reviewed:

Written in plain language for general understanding. This is educational content, not legal advice. Content is researched from federal statutes, state codes, and official government sources. Each article is reviewed for accuracy before publication. Our editorial process

Federal Law

What is this right?

The United States does not have a single comprehensive federal data privacy law like the EU's GDPR. Instead, privacy is protected through a patchwork of federal sector-specific laws and an expanding number of state privacy laws. Several states — led by California — have passed comprehensive consumer privacy laws giving you the right to know what data companies collect about you, to delete it, and to opt out of its sale.

At the federal level, key privacy laws include HIPAA (health data), FERPA (education records), COPPA (children under 13), GLBA (financial data), and the FTC Act (unfair or deceptive practices). For general consumer data — your browsing history, purchase history, location data, and online behavior — state laws provide the most protection.

When does it apply?

Your data privacy rights apply when:

  • A company collects, stores, or sells your personal data — including name, email, phone, location, browsing history, and purchase history
  • You want to know what data a company has about you
  • You want a company to delete your personal data
  • You want to opt out of the sale or sharing of your personal data
  • A company experiences a data breach that exposes your information

State privacy laws (as of 2026):

  • California (CCPA/CPRA): The strongest state privacy law. Right to know, delete, opt out of sale/sharing, correct inaccurate data, and limit use of sensitive data. Applies to businesses with $25M+ revenue, data on 100,000+ consumers, or 50%+ revenue from data sales. Enforced by the California Privacy Protection Agency.
  • Colorado, Connecticut, Virginia, Texas, Oregon, Montana, and 10+ other states have passed comprehensive privacy laws with varying effective dates through 2026. Most include rights to access, delete, correct, and opt out.
  • States without privacy laws: If your state doesn't have a comprehensive privacy law, your primary protection is the FTC's authority to pursue "unfair or deceptive" data practices.

Common misconceptions:

  • "I have no privacy rights because there's no federal privacy law" — While there's no comprehensive federal law, sector-specific federal laws and state laws provide significant protections depending on the type of data and where you live.
  • "If a service is free, they can do anything with my data" — No. Companies must disclose their data practices in a privacy policy, and state laws may give you opt-out rights regardless of whether you paid for the service.
  • "Deleting my account deletes my data" — Not necessarily. Companies may retain data for legal or business reasons. Under state privacy laws, you can submit a specific deletion request that the company must honor.

What should you do?

Step 1: Check whether your state has a comprehensive privacy law. If you are in California, Colorado, Connecticut, Virginia, Texas, or one of the other states with privacy laws, you have specific rights you can exercise.

Step 2: Submit a data access request to any company you want to know about. Most companies have a "Privacy" or "Do Not Sell My Information" link in their website footer. California residents can use the phrase "right to know" in their request.

Step 3: Opt out of data sales. Under California law and similar state laws, companies must provide a clear mechanism to opt out. Look for "Do Not Sell or Share My Personal Information" links.

Step 4: If your data was exposed in a breach, check whether your state requires the company to notify you and offer credit monitoring. Most states have breach notification laws.

Step 5: File complaints with your state attorney general (most state privacy laws are enforced by the AG) or with the FTC at reportfraud.ftc.gov. California residents can also file with the California Privacy Protection Agency.

What should you NOT do?

Don't ignore data breach notifications. If a company tells you your data was compromised, take it seriously. Change passwords, enable two-factor authentication, and monitor your credit.

Don't accept cookies without thinking. Many websites use cookie banners that default to accepting all tracking. Choose "Reject All" or customize your settings to limit data collection.

Don't assume privacy policies protect you. Most privacy policies are written to maximize what the company can do with your data, not to protect you. Read the sections on data sharing, third parties, and your rights.

Don't pay for data removal services without researching them. Some data removal services charge fees for actions you can take yourself for free under state law. Submit your own requests first.

New Jersey Law
NJ

How New Jersey differs from federal law

New Jersey enacted a comprehensive consumer data privacy law in 2024, making it one of the strongest in the nation:

  • NJ Data Privacy Act (S332, signed Jan 2024, effective Jan 15, 2025): Gives NJ consumers the right to access, delete, and correct their personal data. Consumers can opt out of the sale of personal data, targeted advertising, and profiling. Applies to businesses that control or process data of 100,000+ NJ consumers, or 25,000+ consumers if the business derives revenue from selling data.
  • Sensitive data protections: The Act requires opt-in consent before processing sensitive data, including racial or ethnic origin, religious beliefs, health data, genetic data, biometric data, geolocation data, and data of known children.
  • Universal opt-out mechanism: Businesses must honor global privacy control signals (like the Global Privacy Control browser setting) as valid opt-out requests.
  • NJ breach notification law (N.J.S.A. 56:8-163): Predating the privacy act, NJ requires businesses to notify consumers of data breaches involving personal information in the most expedient time possible.
  • AG enforcement: The NJ Attorney General has exclusive enforcement authority. There is no private right of action under the Data Privacy Act, but the Consumer Fraud Act may provide additional remedies for deceptive data practices.

Additional Steps in New Jersey

Exercise your data privacy rights by contacting businesses directly — they must provide a clear method to submit requests. File complaints with the NJ Division of Consumer Affairs at njconsumeraffairs.gov or call (800) 242-5846. For data breaches, monitor your credit and consider a security freeze.

Relevant Law: S332 (NJ Data Privacy Act, P.L. 2024, effective Jan 15, 2025), N.J.S.A. 56:8-163 (breach notification), N.J.S.A. 56:8-1 et seq. (Consumer Fraud Act)

Common Questions

When does data privacy rights apply?

Your data privacy rights apply when:A company collects, stores, or sells your personal data — including name, email, phone, location, browsing history, and purchase historyYou want to know what data a company has about youYou want a company to delete your personal dataYou want to opt out of the sale or sharing of your personal dataA company experiences a data breach that exposes your informationState privacy laws (as of 2026):California (CCPA/CPRA): The strongest state privacy law. Right to know, delete, opt out of sale/sharing, correct inaccurate data, and limit use of sensitive data. Applies...

What should I do about data privacy rights?

Step 1: Check whether your state has a comprehensive privacy law. If you are in California, Colorado, Connecticut, Virginia, Texas, or one of the other states with privacy laws, you have specific rights you can exercise.Step 2: Submit a data access request to any company you want to know about. Most companies have a "Privacy" or "Do Not Sell My Information" link in their website footer. California residents can use the phrase "right to know" in their request.Step 3: Opt out of data sales. Under California law and similar state laws, companies must provide a clear mechanism to opt out. Look for...

What mistakes should I avoid with data privacy rights?

Don't ignore data breach notifications. If a company tells you your data was compromised, take it seriously. Change passwords, enable two-factor authentication, and monitor your credit.Don't accept cookies without thinking. Many websites use cookie banners that default to accepting all tracking. Choose "Reject All" or customize your settings to limit data collection.Don't assume privacy policies protect you. Most privacy policies are written to maximize what the company can do with your data, not to protect you. Read the sections on data sharing, third parties, and your rights.Don't pay for da...

More in Consumer Rights

Debt Collector RulesThe Fair Debt Collection Practices Act (FDCPA) is a federal law that limits what debt collectors can do when trying to c...Read more →Credit Report RightsThe Fair Credit Reporting Act (FCRA) gives you the right to see what is in your credit report, dispute mistakes, and hav...Read more →Small Claims CourtSmall claims court is a special court where you can sue someone for a relatively small amount of money without hiring a ...Read more →

Related Topics

Workers' RightsWorkplace HarassmentTax RightsPenalty Abatement
← Browse all Consumer Rights

Legal Resources

We may earn a commission if you use these services — at no extra cost to you. This supports our mission to make legal information free for everyone.

LawDepotSend a formal demand letter to a business or creditor. State-specific financial and consumer documents ready in minutes.Create a Demand LetterCredit KarmaFree credit monitoring, dispute tools, and alerts. Know when your credit report changes.Check Your Credit FreeIdentityGuardIdentity theft protection and monitoring. Get notified if your personal information is misused.Protect Your Identity

You came here to know your rights — help someone else know theirs.

Support This Mission