Privacy laws · Utah

Utah Consumer Privacy Act.

Most business-friendly of the early state privacy laws. Requires both revenue threshold AND consumer threshold. Opt-out model for sensitive data rather than opt-in.

/ Diagnostic check ClearConsent scans your storefront for signals related to this law — consent banner state, GPC support, Do Not Sell links, privacy policy disclosures, cookies, and trackers.

/ Effective

2023-12-31

Effective date

When the law took effect or will take effect.

/ Consumers

100,000

Consumer threshold

The number of Utah residents whose data triggers compliance.

/ Revenue

$25,000,000

Revenue threshold

Annual revenue trigger for compliance, if applicable.

01 / Key requirements

What the law requires.

01Privacy notice with required disclosures
02Right to access personal data
03Right to delete personal data
04Right to data portability
05Right to opt-out of sale and targeted advertising
06Opt-out for sensitive data (not opt-in)
07Processor contracts required
08Security practices

02 / Enforcement

Penalties & cure period.

Penalties

Up to $7,500 per violation.

Cure period

30-day cure period

Enforcement agency

Attorney General + Division of Consumer Protection

03 / E-commerce

What this means for
your store.

Higher bar: must meet $25M revenue AND consumer thresholds. More business-friendly than other states.

Scan your store for UCPA privacy gaps →

Run the diagnostic

Utah Consumer Privacy Act.

What the law requires.

Penalties & cure period.

What this means foryour store.

What this means for
your store.