Virginia amended its Telephone Privacy Protection Act, effective at the start of January. Among other changes, the law removes the word “call” in many places that impose requirements on telephone solicitations. As a reminder, the definition of telephone solicitation already included texts, under an amendment from 2020.Continue Reading Virginia Legislature Emphasizes Its “Little” TCPA Applies to Texts
Virginia’s governor recently signed into law a bill that amends the Virginia Consumer Data Protection Act. As revised, the law will include specific provisions impacting children’s use of social media. Unless contested, the changes will take effect January 1, 2026. Courts have struck down similar laws in other states (see our posts about those in Arkansas, California, and Utah) and thus opposition seems likely here as well. Of note, the social media laws that have been struck down in other states attempted to require parental consent before minors could use social media platforms. This law is different, as it allows account creation without parental consent. Instead, it places restrictions on account use for both minors and social media platforms.Continue Reading Virginia Will Add to Patchwork of Laws Governing Social Media and Children (For Now?)
When thinking about privacy notice obligations, companies often -incorrectly- leap to the wording in their privacy policies. The new comprehensive state privacy laws are a reminder that notice obligations are a bit broader than mere privacy policies. To the extent that these laws apply to your organization (see our prior applicability post) there are some notice-related obligations to keep in mind.Continue Reading The Comprehensive Privacy Law Deluge: Approaching Notice Obligations
Of the many worries on privacy compliance teams’ lists as we face the onslaught of state “general” privacy laws are the impacts they have on vendor contracts. Fortunately for those who have already had to deal with contracts with vendors (service providers, processors) in California or EU’s GDPR, the impact should be fairly minimal.Continue Reading The Comprehensive Privacy Law Deluge: Updating Vendor Contracts
With a little less than a week before the next US state “comprehensive” privacy laws (Colorado and Connecticut) go into effect, many are reviewing existing practices. One that keeps coming up is the concept of “profiling.” As a reminder, we now have 11 states with comprehensive privacy laws: California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Tennessee, Texas, Utah, and Virginia.Continue Reading The Comprehensive Privacy Law Deluge: What to Do About “Profiling”
The Virginia privacy law going into effect January 2023 received some minor tweaks this month. In particular, provisions around deletion requests. As originally enacted, the Virginia law mirrored similar provisions in California and Europe, giving individuals the ability to ask for their information to be deleted. As amended, if information that the individual asks to be deleted was obtained “from a source other than the consumer” then the business can treat that deletion request as a request to opt out of targeted advertising, sale, and profiling. The business can also delete the information.
Continue Reading Virginia Tweaks Its Upcoming Privacy Law
Virginia is now the second state, after California, to pass a comprehensive privacy law. The Consumer Data Protection Act (“CDPA”) will come into effect January 1, 2023 (the same time as the modification to California’s Consumer Privacy Act (“CCPA”), namely the California Privacy Rights Act). Although this new Virginia law has been compared by many to California’s current CCPA and the EU’s GDPR, there are some differences. Businesses will find most of the differences a relief, although the law does introduce a few new concepts.
Continue Reading Virginia is for…Privacy: Comprehensive Law Passed, Effective January 2023