The Consumer Data Protection Act is supposed to take effect in 2023. It should give people more control over what happens to their personal information.
Simpson33 / Getty Images
On March 2, Virginia s Democratic Governor Ralph Northam signed into law the nation s second major piece of state legislation that governs consumer data privacy and protection. Virginia s Consumer Data Protection Act (CDPA) follows the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020. In a referendum last fall, California citizens voted to amend the CCPA by approving the California Privacy Rights and Enforcement Act (CPRA), which will mostly go into effect on January 1, 2023.
All three laws follow the European Union s landmark data protection law, the General Data Protection Regulation (GDPR), implemented on May 25, 2018. Although the CCPA, CPRA and CDPA borrow heavily from the GDPR, each data privacy vehicle contains provisions that vary from the other laws.
On Tuesday, Virginia Governor Ralph Northam signed the Consumer Data Protection Act ("CDPA") into law, making Virginia the second U.S. state after California to pass a comprehensive data privacy law.
To embed, copy and paste the code into your website or blog:
On March 2, 2021, Governor Northam signed into law Virginia’s own Consumer Data Protection Act (“Virginia CDPA” or the “Act”), a bill that brings together concepts from the EU’s General Data Protection Regulation (GDPR) as well as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). It is the first of its kind legislation on the East Coast. The law will go into effect on January 1, 2023.
The drafters of the Virginia CDPA appear to have benefited from observing the pitfalls and problems that arose in the development and implementation of both GDPR and CCPA. The Virginia bill deftly avoids several of those by incorporating narrower, more tailored definitions that clearly exclude categories of data and businesses over which there was (and continues to be) some confusion with respect to both the EU/UK and California compliance regimes. It also adopts, in concept, the framework
To embed, copy and paste the code into your website or blog:
Earlier this week, the Commonwealth of Virginia became the second state to enact comprehensive consumer data privacy legislation, joining California. On March 2, Governor Ralph Northam signed the Consumer Data Protection Act (CDPA) into law, as he was widely expected to do. The CDPA garnered widespread support in Virginia’s House and Senate and was pushed across the goal line in Richmond relatively quickly.
The CDPA establishes a framework for controlling and processing personal data in Virginia. At a high level, it:
Applies to an entity or individual that conducts business in Virginia or targets their products or services to Virginia residents and that meets minimum thresholds for controlling and processing (or selling) personal data;