The Virginia Senate voted Friday to send a major privacy bill to Governor Ralph Northam, who many expect will sign it. The Consumer Data Protection Act, which would go into effect in January 2023, would give Virginians some control over how companies use their data.
The legislation somewhat echoes California’s 2018 consumer privacy law and would make Virginia the second state in the US to have passed major privacy legislation.
The act would allow Virginians to see what kind of data companies keep on them, allow them to correct inaccuracies, and allow them to prohibit companies from selling their data. It also contains a lot that privacy advocates don’t like. Among their objections: The bill would put the onus of “opting out” on consumers rather than companies; it allows companies to charge higher prices to people who exercise these rights; and it prevents people from taking legal action against companies by making enforcement the sole responsibility of the attorney general’s office. The legislation “has almost no teeth,” the Electronic Frontier Foundation wrote earlier this month, calling the bill “empty.”
Lawmakers nonetheless consider the act an “important first step,” the Roanoke Times reports. Virginia joins the states of Washington, New York, Florida, and others that are acting in the absence of any meaningful federal policy regarding policy, which some businesses fear may lead to a patchwork of state-level laws.
Andrew Beaujon joined Washingtonian in late 2014. He was previously with the Poynter Institute, TBD.com, and Washington City Paper. He lives in Del Ray.
