Federal Consumer Online Privacy Rights Act (COPRA)

The Consumer Online Privacy Rights Act (COPRA) is a federal privacy or data protection law introduced into the Senate of the United States by Ms. CANTWELL (for herself, Mr. SCHATZ, Ms. KLOBUCHAR, and Mr. MAR- KEY).

What is the Federal Consumer Online Privacy Rights Act?

The purpose of COPRA is to:

  • provide consumers with foundational data privacy rights,
  • create strong oversight mechanisms, and
  • establish meaningful enforcement.

COPRA commencement date

This Act will take effect 6 months after the date of enactment but at this time COPRA is still a Bill.

Who must comply with COPRA?

COPRA applies to a “covered entity” which is generally defined to include any entity or person that:

  • is subject to the Federal Trade Commission Act; and
  • processes or transfers covered data (information that identifies). 

However, the definition excludes small businesses which are defined as entities that can show that, with respect to the 3 preceding calendar years, the entity does not:

  • maintain an annual average gross revenue in excess of $25,000,000;
  • annually process the covered data of an average of 100,000 or more individuals, households, or devices used by individuals or households; and 
  • derive 50 percent or more of its annual revenue from transferring individuals’ covered data. 

The relationship between COPRA and other data protection regulation

COPRA will supersede any State law if it directly conflicts with the provisions of COPRA. If any State law, rule, or regulation affords a greater level of protection to individuals protected under COPRA then it will not be considered to be in direct conflict.