- Show all articles ( 51 ) Show less articles
- Show all articles ( 7 ) Show less articles
- Show all articles ( 15 ) Show less articles
- Show all articles ( 42 ) Show less articles
The Virginia Consumer Data Protection Act (CDPA)
The Virginia Consumer Protection Act (VCDPA) is the data privacy law of Virginia citizens. It was passed in March 2021 and took effort on January 1st, 2023. The VCDPA governs the collection and processing of Virginia residents’ personal information by for-profit companies and organizations. It also sets out the rights of citizens in relation to data protection, as well as the obligations of the party which uses such data. One of those rights is the right to opt out of having your personal data sold to third parties or used for targeted advertising. This is similar to California’s right to opt-out in CCPA.
Data protection law requires businesses to make data collection transparent in privacy policies and cookie policies.
This law, like others of this type, requires the consent of the owner of the data for such data to be processed.
Who does the VCDPA applies to?
The VCDPA applies to all companies or for-profit organizations that do business in Virginia or work with Virginia residents, i.e. produce products and services for Virginia residents.
To have an obligation to comply with Virginia data protection law requires that you have a company in Virginia, or have a company outside of Virginia but users from within Virginia. A great example of this is offering online services to Virginia citizens.
Limitations to the The Virginia Consumer Data protection act
The Virginia Data Privacy Act allows businesses to offer different prices and different levels of service to consumers without having to comply with certain obligations.
For violations of the law, Virginia residents cannot directly file a lawsuit, but that is left in the hands of the state attorney general. The latter can claim damages of up to $7,500 per violation.