New Jersey

Comprehensive Privacy Law

New Jersey has enacted a comprehensive data privacy law called the New Jersey Data Privacy Act (NJDPA), making it the 13th state in the U.S. to pass such legislation[1][2]. Governor Phil Murphy signed Senate Bill 332 into law on January 16, 2024, and the law became effective on January 15, 2025[1][3][4]. This law provides New Jersey residents with significant control over how businesses collect, use, and share their personal information.

Legislative Activity

The New Jersey Legislature passed Senate Bill 332 on January 8, 2024, after the bill underwent several rounds of amendments since its initial introduction in 2022[2][5]. In June 2025, the New Jersey Division of Consumer Affairs announced proposed rules to implement the law, with a 60-day public comment period ending on September 2, 2025[6][7]. Final rules are expected to be published sometime in 2026 after reviewing public comments.

Implementation Timeline

The NJDPA became enforceable on January 15, 2025[3][8]. Businesses have until July 15, 2025, to implement systems for recognizing universal opt-out signals[1][9]. For the first 18 months (until July 1, 2026), businesses receive a 30-day cure period to fix violations before facing enforcement action[3][10]. After this grace period ends, the cure provision expires and enforcement becomes more immediate.

Your Rights as a New Jersey Resident

The New Jersey Data Privacy Act grants residents several important rights when dealing with businesses that collect their personal information.

Right to know what data is collected: You can request confirmation of whether a company is processing your personal data and access that information[11][4]
Right to delete personal information: You can request that businesses delete your personal data, with some exceptions for legitimate business purposes[11][4]
Right to opt out of data sales: You can prevent companies from selling your personal information to third parties or using it for targeted advertising[1][4]
Right to correct inaccurate data: You can request that businesses fix errors or inaccuracies in your personal information[11][4]
Right to data portability: You can obtain a copy of your personal data in a readily usable format to transfer to another service[4]
Right to non-discrimination: Businesses cannot treat you unfavorably for exercising your privacy rights, though they may offer incentives for allowing data use[12]

Companies must respond to your requests within 45 days, with the possibility of extending this deadline by another 45 days if needed[11]. If a company denies your request, you have the right to appeal their decision.

Business Requirements

The NJDPA applies to businesses that meet specific criteria and imposes several compliance obligations on covered entities.

Which companies must comply: Businesses conducting business in New Jersey or targeting New Jersey residents that control or process personal data of at least 100,000 consumers, or at least 25,000 consumers while deriving revenue from data sales[13][3]
Notice and transparency requirements: Companies must provide clear privacy notices explaining data collection practices, consumer rights, and how to exercise those rights[1][6]
Consumer request response procedures: Businesses must establish systems to receive and respond to consumer rights requests within 45 days, and provide at least two methods for submitting requests, including a toll-free phone number[6]
Consent requirements: Companies must obtain explicit consent before processing sensitive data or personal data of consumers aged 13-17 for certain purposes[1][12]
Data protection assessments: Businesses must conduct risk assessments for processing activities that present heightened risks to consumers[1][14]
Universal opt-out signals: Companies must recognize and honor automated opt-out preference signals starting six months after the law’s effective date[1][3]

Practical Impact

Daily life protection: The law helps protect residents from unwanted data sales, reduces targeted advertising, and gives control over personal information shared online, in apps, and through digital services[15][12]
What to do if rights are violated: Residents can file complaints with the New Jersey Division of Consumer Affairs, which investigates privacy violations and works with the Attorney General’s office for enforcement[10][16]
Enhanced protections for sensitive information: The law provides stronger safeguards for financial information, health data, biometric data, and precise location information compared to many other state privacy laws[1][17]
Children’s privacy protections: Additional consent requirements protect teens aged 13-17 from having their data sold or used for targeted advertising without permission[1][6]
Limitations in enforcement: Unlike some consumer protection laws, residents cannot sue companies directly for privacy violations – only the state Attorney General can bring enforcement actions[1][18]

Comparison Context

Broader coverage than most states: New Jersey’s law applies more broadly than some other state privacy laws because it lacks revenue thresholds and doesn’t automatically exempt nonprofit organizations[1][13]
Faster response times: New Jersey requires businesses to process opt-out requests within 15 days, which is faster than California’s 30-45 day timeline[10]
Expanded sensitive data definition: The law includes more types of financial information as “sensitive data” compared to other states, providing broader protection for financial privacy[1][17]
No private right of action: Unlike California’s privacy law, New Jersey residents cannot file lawsuits against companies for privacy violations – enforcement relies solely on state government action[1][18]
Strong rulemaking authority: Similar to California and Colorado, New Jersey empowers regulators to issue detailed implementation rules, allowing the law to evolve with changing technology[1][6]

Action Steps for Residents

Review privacy settings: Check privacy settings on websites, apps, and services you use regularly, and exercise your opt-out rights where available
Enable universal opt-out signals: Use browser settings or privacy tools that send automatic opt-out signals to websites to reduce tracking and data sales
Submit data rights requests: Contact companies directly to request access to, correction of, or deletion of your personal information using the methods they provide in their privacy notices
File complaints when needed: Report privacy violations or unresponsive companies to the Division of Consumer Affairs for investigation and potential enforcement action
Stay informed about rule changes: Monitor updates from the Division of Consumer Affairs as they finalize implementation rules that will affect how the law works in practice
Protect children’s privacy: Be aware of additional consent requirements for teens and help young people understand their privacy rights

Official Resources and Contact Information

New Jersey Division of Consumer Affairs

The Division of Consumer Affairs oversees implementation and enforcement of the New Jersey Data Privacy Act. They investigate consumer complaints and issue regulations governing compliance with the privacy law.

Contact Information:
Email: askconsumeraffairs@dca.njoag.gov
Phone: 973-504-6200
Website: https://www.njconsumeraffairs.gov
Address: 124 Halsey Street, Newark, NJ 07102

New Jersey Legislature

Contact your state legislators to provide input on privacy legislation or ask questions about ongoing privacy-related legislative activity.

General Legislative Information:
Email: leginfo@njleg.org
Phone: (609) 847-3905
Toll Free: (800) 792-8630
Website: https://www.njleg.state.nj.us/contact

Find Your Representatives:
Visit the New Jersey Legislature website at https://www.njleg.state.nj.us to find your specific state senator and assembly representatives by entering your address or zip code.

Filing Privacy Complaints

If you believe a business has violated your privacy rights under the New Jersey Data Privacy Act, you can file a complaint with the Division of Consumer Affairs. They will investigate and work with the Attorney General’s office on enforcement actions when appropriate.

Report privacy violations through the Division’s complaint system on their website or by calling their consumer hotline at 973-504-6200.

Sources and Citations

[1] www.wilmerhale.com/en/insights/blogs/wilmerhale-privacy-and-cybersecurity-law/20240117-new-jersey-enacts-comprehensive-privacy-law

[2] www.onetrust.com/blog/new-jersey-passes-comprehensive-privacy-law/

[3] www.osano.com/articles/new-jersey-data-privacy-act-njdpa

[4] www.whitecase.com/insight-alert/new-jersey-enacts-comprehensive-data-privacy-law

[5] www.wiley.law/alert-State-Privacy-Update-New-Jersey-Becomes-13th-State-to-Pass-a-Consumer-Privacy-Bill

[6] www.wilmerhale.com/en/insights/blogs/wilmerhale-privacy-and-cybersecurity-law/20250624-new-jersey-announces-proposed-rules-under-the-states-comprehensive-privacy-law

[7] www.hunton.com/privacy-and-information-security-law/rules-proposed-under-new-jersey-data-privacy-act

[8] ogletree.com/insights-resources/blog-posts/new-jersey-joins-data-privacy-party-new-jersey-data-protection-act-becomes-effective-in-january-2025/

[9] trustarc.com/resource/new-jersey-consumer-privacy-act-background-brief/

[10] www.ketch.com/regulatory-compliance/new-jersey-data-privacy-act-njdpa

[11] www.lewisrice.com/publications/lucky-number-13-new-jersey-enacts-comprehensive-privacy-law/

[12] www.cookieyes.com/blog/new-jersey-data-privacy-act-njdpa/

[13] secureprivacy.ai/blog/new-jersey-s332-privacy-bill-guide

[14] www.akingump.com/en/insights/alerts/new-jersey-data-protection-act-what-businesses-need-to-know

[15] www.nj.gov/governor/news/news/562024/20240116k.shtml

[16] www.njconsumeraffairs.gov/

[17] www.informationpolicycentre.com/uploads/5/7/1/0/57104281/cipl_comparison_us_state_privacy_laws_dpa_feb14.pdf

[18] www.dglaw.com/the-garden-state-has-a-new-privacy-law-you-got-a-problem-with-that/

Last Updated August 2025. Written with contributions from both human authors and Perplexity AI. If you find incorrect or outdated information let us know at support@optery.com.