Archives

What if I am a motor vehicle manufacturer? Does the privacy law apply?

Posted in on September 26, 2025

Yes. As of September 2025, the OCPA applies to all motor vehicle manufacturers, and their affiliates that control or process personal data obtained from an Oregon consumer’s use of a motor vehicle. The number of Oregonians does not matter.

Does the OCPA address the use of “dark patterns”?

Posted in on October 16, 2024

While the OCPA does not include the term “dark patterns” specifically, the OCPA contains numerous requirements regarding the accessibility and clarity of resources provided to consumers by controllers. The use of dark patterns (or deceptive design) may violate these accessibility... View Article

How should my business calculate whether it meets the threshold to qualify under the OCPA when it has a complex hierarchy/ structure?

Posted in on

It depends on several factors specific to your business. For example, some factors to consider include how data flows throughout the organization, including whether different entities utilize or have access to each other’s consumer personal data, and who has decision-making... View Article

Does the law impose any obligations on employee data?

Posted in on April 11, 2024

The law does not apply to data maintained for employment records purposes. Furthermore, the term “consumer” means an individual Oregon resident acting only in an individual or household context and does not include an individual acting as an employee or... View Article

What entities are excluded from the law?

Posted in on

The privacy law excludes some types of entities from complying with its requirements, even if those entities meet the threshold requirements. These entities include: State, local, and tribal governments; Financial institutions as defined in ORS 706.008; and Certain insurers as... View Article

Are certain types of personal data excluded from the law?

Posted in on

Yes, publicly available data and deidentified data are not “personal data” under the law. In addition, the law does not apply to certain types of personal data maintained in compliance with specific federal privacy laws, such as the Health Insurance... View Article

Does the law apply to vendors and other service providers?

Posted in on

Yes, the law applies to vendors and service providers that maintain or provide services involving personal data on behalf of a controller. The individuals or entities that fit that description are called “processors.”

Who does the privacy law apply to?

Posted in on

Generally, the law applies to any individual or entity that conducts business in Oregon or that provides products or services to Oregon residents if, during a calendar year, that individual or entity controls or processes the personal data of: at... View Article

Oregon Department of Justice

Media

Department Communications and General Information

Archives

What if I am a motor vehicle manufacturer? Does the privacy law apply?

Does the OCPA address the use of “dark patterns”?

How should my business calculate whether it meets the threshold to qualify under the OCPA when it has a complex hierarchy/ structure?

Does the law impose any obligations on employee data?

What entities are excluded from the law?

Are certain types of personal data excluded from the law?

Does the law apply to vendors and other service providers?

Who does the privacy law apply to?