Media Contact

Caitriona Fitzgerald, EPIC, Deputy Director, [email protected], 202-483-1140 x105
Dorrie Toney, ACLU of Georgia, Communications Director, [email protected], 404-302-0128

March 12, 2024

SB 473 fails to protect consumers’ data privacy and security, says watchdog groups

ATLANTA – The Georgia Consumer Privacy and Protection Act (SB 473) gets a failing grade for protecting consumers’ data, finds a new report from the Electronic Privacy Information Center (EPIC) and U.S. PIRG Education Fund. Last week, SB 473 passed the state Senate and is currently being considered by the House Technology and Infrastructure Innovation Committee. There is a hearing scheduled for tomorrow.

"The ACLU of Georgia is fighting for privacy bills that put the rights of Georgians first,” said Christopher Bruce, Policy Director at the ACLU of Georgia. “We are disappointed the Senate passed one of the worst bills in the nation. The bill fails at protecting Georgians and instead protects the big tech companies. We urge the House will to consider this failing grade for SB 473 in drafting meaningful legislation to give Georgians control over their most private data.

Because the U.S. has no comprehensive federal privacy law, states are taking action. Since 2018, 44 states have considered comprehensive consumer privacy legislation, and 14 states have passed laws. Last month, EPIC and U.S. PIRG Education Fund released a scorecard report evaluating those laws for how well they protect consumers’ data privacy and security. Of the 14 state laws, 6 received Fs, and none received an A. If passed as is, Georgia’s bill would be the seventh law to receive an F. 

“SB 473 does little to protect Georgians’ privacy and allows companies to continue hoarding personal data and using it for whatever purposes they want,” said Caitriona Fitzgerald, deputy director of EPIC

Many state bills have been heavily influenced by tech companies, leading to significantly weakened consumer protections across the country. Georgia’s bill follows Virginia’s privacy law that was heavily shaped by Amazon and other industry giants. It received a failing grade on the scorecard report. 

“Grading these laws really makes it clear that they’re almost all copy-and-paste versions of a bill industry originally wrote,” said Kara Williams, EPIC law fellow and report co-author. “States have the opportunity to reject the industry model and pass laws that truly protect consumers instead.” 

Tech companies’ harvesting of personal information, including demographics and browsing and search history, has attracted more attention in recent years. Over 80% of Americans are concerned about how companies collect and use their data. 

The more data that companies collect, and the more companies that hold that data, the more likely it is that that consumers’ information will get exposed in a breach or a hack, making consumers more likely to become the victim of identity theft or hyper-targeted scams. 

“The best way to keep data secure is to not collect it in the first place,” said R.J. Cross, U.S. PIRG Education Fund’s Don’t Sell My Data campaign director. “A law that really protects consumers would minimize the amount of information companies are allowed to collect upfront, and stop them from using it in unexpected ways. Unfortunately, there’s not a privacy law in the country that does this as well as it should.”