Skip to main content

Privacy-proof consumer data and stay ahead of UCPA compliance

Display an opt-out notice, generate a privacy policy and start your compliance with the #1 consent management platform.

Become UCPA Compliant

14-day free trial Cancel anytime

Utah UCPA opt-out notice

The #1 cookie consent solution, trusted by 1.5 Million+ websites

Brand logos of global companies that are CookieYes customers.
Utah UCPA effective date

Utah Consumer Privacy Act (UCPA) is a state-wide data privacy that regulates how businesses process the personal information of consumers in Utah and grants consumer rights including the right to opt-out of targeted advertising and sale of personal data. The Act is set to take effect on December 31, 2023.

UCPA Compliance Checklist for Websites

  • Provide opt-out for the sale of personal data and targeted advertising
  • Review and update your privacy policy and cookie policy
  • Enable consumers to make data subject access requests

Prepare for UCPA Compliance with CookieYes

Implement opt-out requests

Under UCPA, when businesses sell personal data or use it for targeted advertising (including the use of third-party cookies), they should provide consumers with the right to opt out.

With CookieYes you can

  • Display a clear and conspicuous opt-out notice on your website
  • Target the opt-out notice for US visitors alone.
  • Respect Global Privacy Control (GPC) signals from browsers

Automate consent management

Ensure that websites set third-party cookies only based on user preferences and maintain continuous compliance.

With CookieYes you can

  • Scan your website for cookies against a 100,000+ cookie database
  • Schedule cookie scanning for up-to-date information on cookies
  • Record consent logs for proof of consent during audits

Generate a compliant privacy policy

Under the Utah UCPA, businesses should implement an accessible and clear privacy policy with disclosure on the data collected, the purpose of collection, how to exercise user rights and more.

With CookieYes you can

  • Use our pre-built, legally-compliant policy templates
  • Generate your privacy policy and cookie policy in minutes
  • Simply copy-paste the legal policies to your website

Achieve cookie compliance
without spending hours

Become UCPA Compliant

14-day free trial Cancel anytime

Learn more about UCPA and take the next
step towards compliance

What is UCPA?

Utah Consumer Privacy Act (UCPA) establishes data privacy obligations for businesses in the state that process the data of Utah residents. Utah became the fourth state in the United States to enact a comprehensive consumer privacy law when UCPA was passed into law on March 24, 2022. 

UCPA shares similarities with the privacy laws in California, Virginia and Colorado, but also has some key differences such as its exemptions for employee data and the definition of ‘sale’.

Who does UCPA apply to?

UCPA is applicable to any controller or processor who:

  • Conducts business in Utah and produces products or services that target the residents of the state
  • Has an annual revenue of $25,000,000 or more and
  • Satisfies one or more of the following thresholds:
    • During a calendar year, has processed the personal data of 100,000 or more consumers:
    • Derives 50% of the entity’s gross revenue from the sale of personal data and controls or processes the personal data of 25,000 or more consumers.

The UCPA does not apply to non-profit organizations or higher education institutions, tribes, air carriers, and government organizations.

What are consumer rights

Right to know

The right to know whether a business collects personal data about them and how it is used and shared.

Right to access

The right to access the personal data a business has collected about them.

Right to delete

The right to delete personal information that a business has collected from them.

Right to data portability

The right to obtain a copy of their personal data in a portable format.

Right to opt-out

The right to opt out of the processing of personal data for targeted advertising and the sale to third parties.

Right to non-discrimination

The right to not be discriminated against for exercising their consumer rights under UCPA.

What is the penalty for non-compliance?

The Utah Attorney General (AG) has the enforcement authority over UCPA compliance and penalties. In case of an alleged violation, the AG will give businesses a 30-day period to cure the violation.

Businesses that fail to correct the violation within the cure period will be subject to fines of up to $7,500 per violation.

FAQ on UCPA Compliance

The Utah Consumer Privacy Act or UCPA is a privacy law that was enacted on March 24, 2022. Utah became the fourth US state to enact a comprehensive consumer privacy law after California, Virginia and Colorado.

UCPA provides consumers (i.e. residents acting in an individual or household context) in Utah rights over their personal data by imposing obligations on how businesses control or process the data. The Act will go into effect on December 31, 2023.

Personal data under the UCPA is defined as “information that is linked or reasonably linkable to an identified or identifiable individual”. This includes data that can be used to directly or indirectly identify a person, such as their name, address, email address and phone number. 

The UCPA excludes de-identified data, aggregated data, or publicly available information as personal data. Data regulated by the Health Insurance Portability and Accountability Act (HIPAA), the Driver’s Privacy Protection Act, and the Family Education Rights and Privacy Act (FERPA) are also exempted from its scope.

The UCPA defines a sale as, “the exchange of personal data for monetary consideration by a controller to a third party.” UCPA does not include CCPA/CPRA’s definition of sale which involves personal data exchanged for “other valuable consideration” on top of monetary consideration. 

The UCPA also excludes certain types of disclosures to third parties from the definition of sale, including disclosures for the purpose of providing products or services and for the purpose consistent with a consumer’s reasonable expectations.

In addition, a sale does not occur under UCPA if the disclosure is made to processors and affiliates of the data controller.

Utah Attorney General (AG) has exclusive authority to enforce the UCPA. However, under the Act, the enforcement actions by the Attorney General may be initiated after a referral from the Utah Division of Consumer Protection. The Division receives consumer complaints, conducts an investigation, and then refers the matter to the AG if there’s substantial evidence to support a violation identified in the consumer complaint. The AG can then issue a formal notice of violation and grant the business 30 days to cure before taking enforcement action.

Here are some links you can refer to for additional reading:

Fast-track your UCPA compliance in minutes

Set up a cookie consent banner in 3 simple steps and automate your compliance.

Become UCPA Compliant

14-day free trial Cancel anytime