What South Dakota’s new digital privacy law actually means for you
Picture this: It’s 8:00 p.m. on a Tuesday in Rapid City. The family is sitting on the couch, watching a movie on the Roku or Apple TV. The commercial break hits, and suddenly, the 65-inch screen fills with a hyper-targeted, undeniably embarrassing ad. Maybe it’s for lingerie, an obscure medical condition, or a niche subscription site.
Everyone in the room stares straight ahead. Nobody says a word. But someone on that couch knows exactly why that ad is playing.
For years, the running joke has been that our phones are secretly listening to our conversations. The truth is actually much simpler, and a lot more invasive. They don’t need to listen to your microphone because they are already tracking your digital footprints straight into your living room. It’s a lucrative tech industry practice called “Cross-Device Tracking.”
When you scroll through an app on your smartphone, data brokers aren’t just logging what you click. They are logging the IP address of the Wi-Fi router you are connected to. That same Wi-Fi router is plugged into the Smart TV mounted on your wall. The data broker doesn’t necessarily need to know your name. They just know that “Device A” (the smartphone looking at private subscription sites in the bedroom) and “Device B” (the TV playing Netflix in the living room) live in the exact same house and share a wallet. So, they sell ad space on the family TV based entirely on what the phone is doing behind closed doors.
Until now, if you called a tech company to ask why this was happening, they would brush you off. But starting July 1st, South Dakota’s Senate Bill 111 hands you a legal crowbar.
Under the new law, any user in the state can demand their “machine-readable” file from platforms boasting over 100 million users. It forces Big Tech to hand over your “Digital Receipt.” When you open that file, you aren’t just getting your old photos and status updates—you get to see the “Third-Party Sharing” and “Ad-Targeting” tags. For the first time, you have the legal right to see exactly which app is selling out your home network to the data brokers.
The Silent Erasure: Proving the Shadowban
The law doesn’t just protect the consumer; it arms the independent creator.
As any independent creator will tell you, the second you start talking about things people want kept quiet, the algorithm magically stops working for you. Platforms like Reddit, YouTube, and OnlyFans are notorious for “shadowbanning”—quietly throttling a user’s visibility so their content disappears from search results, tanking their reach and their revenue.
SB 111 changes the game. A South Dakota creator whose audience suddenly vanishes doesn’t have to guess anymore. By invoking this law and forcing the platform to hand over their backend file, they can look for the internal algorithmic tags. If there is a line of code that says Visibility: Restricted or Content_Flag: High_Risk, that creator now has hard-coded proof that the platform intentionally suppressed them.
The Dating App Loophole
But there is a massive, gaping hole in the legislation.
SB 111 only applies to platforms with over 100 million active monthly users. While giants like Facebook, X, and OnlyFans get caught in the net, the biggest players in the online dating world slip right through.
Tinder (roughly 75 million users), Bumble (50 million), and Grindr (15 million) all fall completely under the threshold. That means the apps that hold the absolute most intimate, sensitive “shadow data” on earth—exact GPS tracking, swiping habits, and highly private messages—are completely exempt. They do not have to give South Dakotans their “Digital Receipt,” meaning the apps that know exactly who you are sleeping with are the ones still legally allowed to keep secrets.
The True Crime Wall
Privacy, it turns out, is a double-edged sword. While SB 111 is a massive victory for keeping your data away from corporate brokers, it creates an impenetrable fortress when things go wrong.
Because SB 111 is strictly a “first-party” right, only the account owner can demand the data. If a Rapid City teenager goes missing, her desperate parents cannot use this law to force an app like Discord to hand over her chat logs or location data to see who she was meeting. The law protects the user’s privacy so aggressively that it essentially locks the family out of the digital vault when they need it most. They are forced to wait for police to secure traditional search warrants, wasting critical time.
Ironically, a suspect in that same case could use the law. They could instantly pull their own geolocation tags to establish a digital alibi, proving they were nowhere near the scene.
The ID Catch-22
Unsurprisingly, the massive tech lobbying groups fought bitterly against this law, sending a veto request to Governor Larry Rhoden. They argued that forcing platforms to pack a user’s entire digital life into one downloadable file creates a “Golden Key” for hackers.
To prevent an identity thief from simply emailing a tech giant and walking away with your digital briefcase, platforms are required to aggressively verify your identity.
This leads to the ultimate Catch-22 of data privacy: To prove that a tech giant is hoarding too much of your personal data, you often have to upload a photo of your literal, government-issued driver’s license to that exact same company just to get them to open the door.
Fortunately, the law anticipates this irony. It includes a strict “Burn After Reading” mandate. Tech platforms are legally forbidden from using that uploaded ID for anything other than verification, and they must securely delete it immediately after handing over your file.
On July 1st, the data broker era in South Dakota takes a massive hit. The black box is finally opening. We just have to decide if we are willing to hand over our IDs to see what’s inside.
Leave a Reply