The Delaware Personal Data Privacy Act was signed in September 2023 and takes effect January 1, 2025.
Delaware Privacy & Accessibility Laws
Delaware enacted the Delaware Personal Data Privacy Act (DPDPA) in 2023, making it one of the states with comprehensive consumer privacy legislation. The law takes effect January 1, 2025. Delaware also requires state government websites to be accessible to individuals with disabilities.
→
Privacy Law Status
DPDPA Enacted
→
Accessibility Requirements
State Government Websites
Delaware state agencies must ensure websites and digital services are accessible under ADA Title II and state accessibility standards.
Delaware Personal Data Privacy Act (DPDPA)
The DPDPA provides Delaware consumers with comprehensive privacy rights and establishes obligations for businesses that process personal data.
Key Dates
- Enacted: September 11, 2023
- Effective Date: January 1, 2025
- Cure Period: 60 days (expires December 31, 2025)
Who Must Comply?
The DPDPA applies to entities that conduct business in Delaware or target Delaware residents AND:
| Threshold | Requirement |
|---|---|
| Data Volume (Small Business) | Control or process personal data of 35,000+ Delaware consumers |
| Revenue + Data | Derive more than 20% of gross revenue from selling personal data AND process data of 10,000+ consumers |
Consumer Rights Under DPDPA
| Right | Description |
|---|---|
| Right to Know | Confirm whether personal data is being processed and access that data |
| Right to Correct | Correct inaccuracies in personal data |
| Right to Delete | Delete personal data provided by or obtained about the consumer |
| Right to Portability | Obtain personal data in a portable, readily usable format |
| Right to Opt-Out | Opt out of targeted advertising, sale of data, and profiling for significant decisions |
Sensitive Data Categories
The DPDPA requires opt-in consent for processing sensitive data, including:
- Racial or ethnic origin
- Religious beliefs
- Mental or physical health conditions or diagnoses
- Sex life or sexual orientation
- Citizenship or immigration status
- Genetic or biometric data for identification
- Personal data of known children under 13
- Precise geolocation data (within 1,750 feet)
Accessibility Requirements
Delaware government agencies must ensure digital accessibility:
State Government Obligations
- Delaware state agencies must comply with ADA Title II for digital content
- Department of Technology and Information (DTI) provides accessibility guidance
- State websites must follow WCAG 2.1 Level AA guidelines
- Educational institutions must ensure accessible online learning
- State procurement requires vendor accessibility compliance
Private Sector Considerations
- Businesses are subject to ADA Title III for public accommodations
- Website accessibility lawsuits can be filed in federal court
- Delaware being a corporate law leader means many businesses are incorporated there
- Financial services must provide accessible digital banking
Enforcement
→
Privacy Enforcement
- Delaware Attorney General - Exclusive enforcement authority
- 60-day cure period - Until December 31, 2025
- No private right of action - Only AG can enforce
Contact:
Office of the Attorney General
820 N. French Street
Wilmington, DE 19801
(302) 577-8600
→
Accessibility Enforcement
- U.S. Department of Justice - ADA enforcement
- Delaware Division of Civil Rights - State discrimination law
- Private litigation - Federal ADA claims
Contact:
Disabilities Law Program
Community Legal Aid Society, Inc.
(302) 575-0660
DPDPA Penalties
| Violation Type | Maximum Penalty |
|---|---|
| Per violation (after cure period) | $10,000 per violation |
| Consumer Protection Act violation | Additional penalties under Delaware Consumer Fraud Act |
| Injunctive relief | Court may order business practices to cease |
Business Obligations
| Obligation | Description |
|---|---|
| Privacy Notice | Clear notice of data categories, purposes, rights, and third-party sharing |
| Data Minimization | Limit collection to what is necessary for disclosed purposes |
| Purpose Limitation | Process data only for disclosed or reasonably expected purposes |
| Security | Implement appropriate technical and organizational measures |
| Sensitive Data Consent | Obtain opt-in consent before processing sensitive data |
| Request Response | Respond to consumer requests within 45 days (may extend 45 days) |
| Opt-Out Preference Signals | Honor browser-based opt-out signals for sales and targeted advertising |
Consumer Rights
Delaware residents have the following privacy rights under the DPDPA:
- Right to Access: Confirm data processing and obtain copies of personal data
- Right to Correct: Request correction of inaccurate data
- Right to Delete: Request deletion of personal data
- Right to Portability: Receive data in portable, usable format
- Right to Opt-Out: Opt out of sales, targeted advertising, and profiling
- Right to Non-Discrimination: Equal service regardless of exercising rights
- Right to Appeal: Appeal denial of consumer requests
Important Exemptions
The DPDPA exempts government entities, nonprofits, higher education institutions, HIPAA-covered entities, financial institutions under GLBA, and data regulated by FERPA, HIPAA, FCRA, or GLBA.
Related Resources
- US Privacy Laws Overview
- State Privacy Law Comparison
- ADA Title II Requirements
- All State Laws
- Privacy Compliance Guide
- Report a Violation
Need Help with Delaware Compliance?
The DPDPA is now in effect as of January 1, 2025. Businesses must ensure they meet all compliance requirements. Contact our experts for guidance on privacy policies, consumer request processes, and opt-out signal compliance.