NPL (SB – 220) vs CCPA

MoreoverFrom a couple of months, the California Consumer Privacy Act (CCPA) has grabbed the attention of many privacy professionals and businesses throughout the US. However, Nevada officially approved Senate Bill 220 (SB-220), on May 29, 2019. Nevada’s previous online privacy law issued in 2017 (NRS 603A.300- 603A.360), required plenty of amendments. Therefore, it had to issue a law to cover the gap which previous law had made.

The amendments are now providing consumers with the right to opt-out of selling their personal information. Although, there are similarities that exist amid these two profound laws, such as, the right to opt-out. Whereas, there are also some differences amongst the California Consumer Privacy Act and Nevada Privacy Law. Let’s crack on to the rest of the blog to find out some real differences and semblance between these laws.


Nevada Privacy Law

Moreover, the Nevada Privacy Law applies to online businesses, services, and operators of Internet websites. And, the definition of “operator” in this law is:

  • One who operates an Internet website or any online service for a commercial purpose
  • Who gathers and maintains covered information from consumers. The one who is a resident of Nevada and uses or visit the Internet website or online service.
  • Engage in any activity that is linked with Nevada to gratify the requirements of the United States Constitution. Those activities include directing activities with a purpose towards Nevada, involved in a transaction with Nevada or a Nevada resident, or taking advantage of conducting activity in Nevada.

Additionally, the Nevada law exempts the entities mentioned down-below:

  • A third party that operates, hosts, processes or manages an Internet website or online service on its owner’s behalf.
  • Entities regulated by the Gramm-Leach-Bliley Act (GLBA) or the Health Insurance Portability and Accountability Act (HIPAA);
  • A service provider
  • A motor vehicle manufacturer who services a motor vehicle who covertly processes information.


The CCPA is directly applicable to a “business,” which

  • Handles personal information of California residents.
  • Determines the purposes of personal processing information.
  • Does business in California and meets one of the following fundamental requirements.
  • Has annual revenues of US$25 million.
  • Annually handles personal information regarding at least 50,000 consumers, households, or devices.
  • Derives 50% or more of its annual revenue by selling personal data.

Definitions differences of both the laws

1) Sale

Nevada Privacy Law

For Nevada sale is “the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.”


On the contrary, the CCPA defines sale as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to another business or a third party for monetary or other valuable consideration.”

2) Personal Information

Nevada Privacy Law

Nevada gives the consumers leverage to opt-out of the sale of “covered information” which was either collected from a website or through some online service. According to this law, “covered information” means:

  • A first and last name.
  • A home or other physical address, which includes the name of a street and the name of a city or town.
  • An electronic mail (email) address.
  • A telephone number.
  • A social security number.
  • An identifier that allows a specific person to be contacted either physically or online.

The CCPA illustrates “personal information” which identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

3) Consumer

Nevada Privacy Law

Furthermore, in Nevada Privacy Law a “consumer” means “a person who seeks or acquires, by purchase or lease, any good, service, money or credit for personal, family or household purposes” from any Internet website or online service.
The CCPA takes a “consumer” as “a natural person, mainly a California resident. Though, it can be any individual,

  • Who permanently resides in California without any temporary or transitory purpose.
  • And, who domiciled in California and outside the state for temporary or transitory use.

4) Do Not Sell

Nevada Privacy Law

Though, several differences can be witnessed amongst the two privacy laws in terms of the right to opt-out of the sale of personal information. And, entities are not required by Nevada to include a “Do Not Sell My Personal Information” button or link on their websites. In place of that, it makes it obligatory for the entities to provide consumers with an email address, a toll-free telephone number, or an Internet website to submit verified opt-out requests.
Nevertheless, under the CCPA Law businesses that sell personal information must give a “Do Not Sell My Personal Information” link or button on their websites. Consequently, this will allow consumers to opt-out of the sale of their personal information.

5) Opt-In

Nevada Privacy Law
However, Nevada does not mandate that consumers opt-in to the sale of their data.
whereas, the California Consumer Privacy Act, businesses usually do not obtain consumers’ consent to opt-in. Consequently, if consumers opt-out of the sale of their personal information, they have to wait for 12 months. So, after 12 – month period they are allowed to re-engage with those consumers to request that they opt-in to the sale.

Enforcement & Penalties under CCPA and Nevada Privacy Law

Nevada Privacy Law
Under Nevada, Privacy Law consumers cannot avail their private right of action against an operator.
In addition, if the Nevada Attorney General finds out any apparent violation of an operator, only then, a legal proceeding against the operator will be embarked. If any offenses caught by the court, it can impose a civil penalty of up to $5,000 per violation or issue an injunction.

Besides, under CCPA, consumers contain a limited private right of action for particular infringements. Similarly, those breaches can have potential fines ranging from$100 to $750 per consumer per incident, or actual damages.
Moreover, the California Attorney General can issue an injunction and levy civil penalties of up to$2,500 per violation and up to $7,500 for intentional violations.