On July 18, 2023, Oregon’s Governor Tina Kotek signed SB 619, which created the Oregon Consumer Privacy Act (“OCPA”). Oregon joins California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Florida, and Texas, as the 12th state to enact a comprehensive consumer data privacy law.
Most provisions of the OCPA will take effect on July 1, 2024, with delayed compliance deadlines for honoring universal mechanisms consumers will use to exercise their right to “opt out” of a platform processing their personal information for certain purposes and for activities of tax-exempt organizations described in Section 501(c)(3) of the Internal Revenue Code. Notably, unlike most other state privacy laws, the OCPA exempts only certain nonprofit organizations. For activities of tax-exempt organizations described in Section 501(c)(3) of the Internal Revenue Code, the OCPA has a delayed effective date of July 1, 2025.