The Florida Digital Privacy Act (FDPA) uses the factor of "Offering Goods and Services to Data Subjects in Jurisdiction" to determine its applicability to businesses and individuals processing personal data in Florida.

Text of Relevant Provision

FDPA Sec.501.703(1) states:

"(1) This part applies only to a person who:(a) Conducts business in this state or produces a product or service used by residents of this state; and(b) Processes or engages in the sale of personal data."

Analysis of Provisions

The FDPA's applicability is determined by two key criteria:

1. Business activity or product/service provision in Florida: The law applies to entities that either "conduct business in this state" or "produce a product or service used by residents of this state". This broad language encompasses both physical presence and remote offerings to Florida residents.
2. Processing or selling personal data: The entity must also "process or engage in the sale of personal data". This requirement ensures that the law focuses on organizations handling personal information.

The combination of these criteria effectively targets businesses that offer goods or services to Florida residents and process their personal data, regardless of the business's physical location.

Implications

This applicability factor has several implications for businesses:

1. Extraterritorial reach: Companies outside Florida may be subject to the FDPA if they offer products or services to Florida residents and process their personal data.
2. Online businesses: E-commerce platforms, digital service providers, and other online businesses targeting Florida consumers are likely to fall under the FDPA's jurisdiction.
3. Data processing activities: Organizations must assess whether their data handling practices constitute "processing" or "sale" of personal data as defined by the FDPA.
4. Compliance obligations: Businesses meeting these criteria must ensure compliance with FDPA requirements, potentially necessitating changes to data protection practices and policies.
5. Exemptions: Some entities, such as state agencies, financial institutions governed by GLBA, HIPAA-covered entities, and nonprofit organizations, are exempt from the FDPA's applicability (as per FDPA Sec.501.703(2)).

Businesses should carefully evaluate their activities in relation to Florida residents and their data processing practices to determine if they fall within the FDPA's scope. Those that do must align their operations with the law's requirements to avoid potential penalties and ensure the protection of Florida residents' personal data