Florida Privacy Law Overview

Florida enacted a comprehensive privacy law — the Florida Digital Bill of Rights (FDBR) — effective July 1, 2024, but with a deliberately narrow scope. Its core controller obligations target only the very largest technology companies (those with more than $1 billion in global revenue meeting additional criteria), while its protections for children's data and sensitive data reach more broadly. Every Florida business also remains subject to the Florida Information Protection Act for data-breach notification.

The Florida Digital Bill of Rights (FDBR)

The FDBR grants Florida consumers rights to access, correct, delete and port their personal data and to opt out of targeted advertising, the sale of data, and profiling. Unlike most state laws, its central controller duties apply only to for-profit businesses with global gross revenue exceeding $1 billion that also derive half their revenue from digital advertising, operate a smart speaker or voice assistant, or run a large app store. This narrow threshold means only a handful of major platforms bear the full obligations, though child-data and sensitive-data provisions apply more widely.

FDBR: Quick Overview

  • Effective Date: July 1, 2024
  • Citation: Fla. Stat. § 501.701 et seq. (SB 262)
  • Enforced By: Florida Attorney General / Department of Legal Affairs
  • Maximum Penalty: Up to $50,000 per violation, tripled to $150,000 for violations involving minors or for failure to honor deletion/correction
  • Private Right of Action: No (enforcement by the state only)
  • Right to Cure: 45 days (discretionary; none for violations involving children)

Who Must Comply

The FDBR applies to businesses that meet Florida's applicability thresholds:

  • For-profit business with more than $1 billion in global gross annual revenue, and one of:
      • Derives 50% or more of revenue from the sale of online advertisements, or
      • Operates a consumer smart-speaker / voice-assistant service, or
      • Operates an app store or digital-distribution platform offering at least 250,000 applications

What makes Florida different: The $1 billion revenue floor makes the FDBR the narrowest comprehensive state privacy law — it functions largely as a Big Tech statute, while smaller Florida businesses focus on data-breach and federal compliance.

Consumer Rights Under the FDBR

Florida residents can exercise the following rights over their personal data:

  • Right to access / confirm what data is held
  • Right to correct inaccurate data
  • Right to delete personal data
  • Right to data portability
  • Right to opt out of targeted advertising
  • Right to opt out of the sale of personal data
  • Right to opt out of profiling for significant decisions

Sensitive personal data: Businesses must obtain opt-in consent before processing sensitive data (such as health, biometric, precise-geolocation, or demographic data).

Sector-Specific Privacy Laws in Florida

Children's & Sensitive-Data Provisions

The FDBR separately restricts the processing of personal data of known minors, the sale of sensitive data without consent, and the collection of precise geolocation, biometric, and voice-recognition data — these provisions are not limited to billion-dollar companies.

Data Breach Notification in Florida

The Florida Information Protection Act (FIPA) requires covered entities to notify affected individuals within 30 days of determining that a breach of personal information has occurred.

  • Deadline to notify residents: No later than 30 days after determination of a breach
  • Attorney General notice: Notify the Florida Department of Legal Affairs if 500 or more Floridians are affected
  • Covered data: Name combined with sensitive identifiers (SSN, driver's license, financial-account or medical information, and more)

Federal Privacy Laws That Apply in Florida

Even where Florida law is silent, residents and businesses are covered by federal privacy statutes:

  • HIPAA — health information held by providers, plans and their vendors
  • GLBA — privacy and safeguards rules for financial institutions
  • FERPA — student education records
  • FCRA — consumer reporting agencies and background screening
  • COPPA — online collection of data from children under 13
  • FTC Act §5 — unfair or deceptive privacy and data-security practices

Florida Privacy Law FAQ

Does the Florida Digital Bill of Rights apply to my small business?
Almost certainly not for its core obligations. The FDBR's main controller duties apply only to for-profit companies with more than $1 billion in global revenue that also meet an advertising, voice-assistant, or app-store criterion. Smaller Florida businesses still must comply with FIPA breach-notification rules and the FDBR's narrower child-data and sensitive-data limits.

What are the penalties under the FDBR?
The Florida Attorney General can seek civil penalties of up to $50,000 per violation, increased to $150,000 where the violation involves a minor or a failure to honor a deletion or correction request. There is no private right of action.

How a Florida Privacy Attorney Can Help

For Businesses

  • Build and audit a privacy compliance program
  • Draft privacy policies, notices and vendor contracts
  • Respond to consumer rights requests
  • Manage data-breach response and notification
  • Defend regulatory investigations and enforcement

For Consumers

  • Enforce your privacy rights against non-compliant businesses
  • Pursue or join data-breach litigation
  • File complaints with the Florida Department of Legal Affairs
  • Seek damages for identity theft and fraud
  • Stop unlawful data sales and unwanted marketing

Need a Florida Privacy Attorney?

Whether you are a business working toward compliance or a Florida resident whose privacy has been violated, our network of Florida-licensed attorneys can help.