
Virginia became the second state to adopt a much-needed data privacy legislation law, which aims to protect consumers from data theft and data misuse. Under the consumer data law, consumers gain important privacy rights, including the right to access, correct, delete, make portable their own information, and to avoid discrimination.
Consumers will also be able to opt-out of targeted advertising and prohibit the sale of their personal data. The law also describes several instances in which an entity may not be required to comply with consumer requests when compliance would be “unreasonably” difficult.
The Consumer Data Protection Act has broad support from the tech industry, as it is similar to an existing California law that went into effect in 2020. Although based on the same privacy principles, the Virginia law is seen as more industry-friendly than the California law. The new Virginia law does not allow individuals to bring lawsuits against tech companies for privacy violations. The law is expected to take effect in 2023. Violations of the law can result in fines up to $7,500 per violation.
The Lyon Firm is investigating data misuse claims and has experience legally engaging corporations following data breach events and personal data violations.
The passage of the privacy law is seen as a victory for consumers to crack down on personal data theft and data misuse. One example of a change in law is that companies will be required to get permission before collecting certain types of data related to racial or ethnic origin, genetic data and location. The idea is to hold tech corporations accountable for protecting consumer data.
Other states, including Utah, Washington and New Jersey, are weighing their own data privacy legislation. The differing intricacies of the laws is likely to put more pressure on Congress to move toward federal privacy legislation. There have been attempts to pass data privacy bills but they have largely failed. The tech industry may apply its own pressure for a federal standard so they don’t have to navigate so many different state regulations.
Consumers want to know how their data is stored and where it ends up. That is not always an easy task. Personal data is sold to third parties by vendors, and data winds up in the hands of several marketing agencies, not only big tech databases.
Because of such issues, consumers have pushed for a requirement for a broad opt-out browser setting that alerts companies that they want as little of their data collected as possible. The Virginia law is not set in stone, and lawmakers expect some revisions and additions as technology evolves in the coming years. One area of major concern is data privacy concerns related to various biometric, artificial intelligence collections and facial recognition technology.
Many companies will be accountable for understanding and enacting the new privacy laws, though some entities will be exempt, including the following:
Several types of data are also exempted from the full scope of the law, including:
Companies will have several obligations under the new consumer data privacy law that include:
Lawmakers and consumer safety attorneys have highlighted specific consumer privacy rights, which include:
Taking the first step doesn’t have to be complicated. In just a few minutes, you can share the basics of your case, and our team will guide you from there: