Delaware Personal Data Privacy Act and Delaware Online Privacy Rules

Delaware is two privacy laws on one page. An older website operator law, the Online and Personal Privacy Protection Act, applies next to the newer Delaware Personal Data Privacy Act, and an online business can owe duties under both, so its privacy policy serves as a website document and a state rights document at once.

The older law reaches operators of commercial websites, online services, and apps that collect personally identifiable information from Delaware residents, and it requires a conspicuously posted privacy policy that states its effective date, explains how the operator responds to browser Do Not Track signals, and says whether anyone else collects identifiable information about a visitor's activity across sites over time. That is more specific than most templates assume, so a business focused on the newer omnibus laws can miss these website duties if the page never addresses browser settings, cross site collection, or the operator's posting obligation plainly.

The Delaware Personal Data Privacy Act took effect on January 1, 2025, and it applies to a business that processes the data of at least 35,000 Delaware residents in a year, or at least 10,000 when more than 20 percent of gross revenue comes from selling personal data. It brings the familiar omnibus structure, so the notice has to describe the categories processed, the purposes, how a consumer exercises rights, the categories shared with third parties, the categories those third parties fall into, and whether data is sold or used for targeted advertising along with the way to opt out, and both Delaware laws can shape the same page when they both apply.

Delaware also treats readability as part of the legal text rather than a design choice, because the Department of Justice says a covered notice should be reasonably accessible, easy to understand, free of unnecessary jargon, readable on a small screen, and available in the languages the business uses for other consumer materials such as contracts or sales announcements. A page can satisfy every legal topic and still fall short when the writing is dense or the layout breaks on a phone, which is why readability belongs in the Delaware review.

The Delaware Department of Justice enforces the newer act, and the statute creates no private right of action, so Delaware is an enforcement and notice quality question rather than a litigation one. The strongest position is a policy that reads plainly and matches the request and opt out workflow behind it, with both the older website disclosures and the newer rights disclosures present wherever each law applies.