Updated
Updated · The National Law Review · Jul 10
New Jersey Imposes Up to $1.5 Million Data Broker Fees, Bans Sensitive Data Sales
Updated
Updated · The National Law Review · Jul 10

New Jersey Imposes Up to $1.5 Million Data Broker Fees, Bans Sensitive Data Sales

3 articles · Updated · The National Law Review · Jul 10

Summary

  • June 30’s law, signed by Governor Mikie Sherrill and largely effective immediately, expands regulation beyond traditional data brokers to “data collectors” that gather consumer data directly and then sell or license it.
  • Annual registration is the centerpiece: covered firms must disclose contact, privacy-policy, opt-out, deletion, purchaser-credentialing, cybersecurity, under-18 and processor details for a public state registry.
  • Fees start at $5,000 for entities handling data on 100,000 or fewer New Jersey consumers and rise to $1.5 million above 4.5 million, though the registry itself will not operate for 270 days.
  • The statute bars data brokers and data collectors from selling or licensing sensitive data, while separately amending New Jersey’s privacy law to ban controllers from selling sensitive data regardless of processing volume.
  • Civil penalties reach $2,500 per day for registration failures and $50,000 per record for certain sensitive-data violations, raising compliance pressure on businesses holding New Jersey residents’ data.

Insights

Is New Jersey's $1.5M data fee a privacy win or a tax that will drive businesses away?
How can businesses navigate an immediate data-selling ban with key rules still undefined until 2027?

The $50,000-Per-Record Penalty: How New Jersey’s Data Broker Law Redefines U.S. Privacy Compliance

Overview

New Jersey's Assembly Bill 5328, enacted on June 30, 2026, has immediately reshaped the data privacy landscape by introducing the most expensive and comprehensive data broker law in the United States. The legislation brings an unprecedented scope of regulation, notably prohibiting the sale of sensitive data through both specific data broker provisions and amendments to the state's existing consumer data privacy law. Violations of this prohibition carry severe penalties, with fines reaching up to $50,000 per record. These sweeping changes create urgent compliance challenges for businesses and mark a pivotal moment in U.S. data privacy regulation.

...