Nevada’s governor recently approved an amendment to their privacy law. As we covered previously, generally, this law affords consumers a right to opt out of the “sale” of their data to third parties.  The amendment broadens (1) the scope of the law to also apply to “data brokers” and (2) consumers right to opt-out of sale. The changes are expected to go into effect October 1, 2021.

Nevada is the not the first state to regulate “data brokers.” California and Vermont also have laws that apply to companies that are in the business of buying and selling information about consumers. In Nevada, a data broker is defined as “a person whose primary business is purchasing covered information about consumers with whom the person does not have a direct relationship and who reside in this State from operators or other data brokers and making sales of such covered information.”

Nevada’s previous definition of “sale” was relatively narrow in scope, requiring that there be an exchange for monetary consideration and an onward license or sale of the data to other third parties. While still not as broad as “sale” under California’s CCPA (which defines sale to also include “other valuable consideration”), the amendment removes the requirement that the exchange be for the purpose of the other person licensing or selling covered information to additional persons. Thus, Nevada still maintains the requirement that there be “monetary consideration” which aligns more closely to Virginia’s impending privacy law.

Putting it into practice. While the amendments to Nevada’s law likely will not significantly broaden what activities might constitute a “sale,” companies should still confirm that any existing disclosures in privacy policies about Nevada’s law remain accurate in light of these changes. Data brokers should also review and assess whether any existing processes will need to be updated.