The legislation aims to provide New Jersey residents with ‘more control over their personal data’, but provisions contain unnecessarily far-reaching and unusually restrictive mandates on innovative small businesses in the Garden State.
Washington, DC (9/11/25) – The App Association shared comments with the New Jersey Division of Consumer Affairs (NJDCA) highlighting concerns from member companies in the state regarding proposed rules to implement the recently passed New Jersey Data Privacy Act.
In a letter to NJDCA Acting Director Cari Fais, the App Association, on behalf of our member companies, including small and medium sized businesses and technology companies, expressed concern that while the legislation is well-intentioned, certain provisions would saddle entrepreneurs and small app developers in the Garden State with regulations designed for larger companies.
Requirements such as forcing developers to provide consumers with “in-person” options to exercise their data rights, or mandating annual reassessments of biometric data retention, are examples of the provisions being considered by regulators that, for a company that employs a small staff, would be unworkable. Larger companies, by contrast, already have the legal and compliance infrastructure to manage these mandates.
In the letter, the App Association advocated for adjustments to the proposed implementation rule, including those that would retain the original intent of the legislation, and recognizing the core differences between large technology companies and small businesses operating in the state when it comes to data protection policies. The letter emphasizes that targeted fixes, such as easing unnecessary disclosure mandates and replacing rigid restrictions with more flexible standards, would protect consumer privacy without burdening small businesses and choking off innovation.
See ACT | The App Association’s full letter to NJDCA online here.