“If it’s free… you’re the product.” That saying has never been truer than in 2021. If you use Facebook, Google, Snapchat, TikTok, or Amazon, then you are the product, no matter what service they provide you, and you’re the best-selling product they’ll ever have. Against such large multinational corporations, what can you, as a consumer, do to protect your data?
Luckily, (some) politicians and interest groups have noticed and are beginning to act against the misuse of our personal data. The European Union passed the General Data Protection Regulation (“GDPR”), which allows EU residents to have a say in how their personal data is collected, for what purposes, and in its sale to other entities.
The GDPR does not grant any protections to American citizens, or anybody outside of the European Union. So why does the GDPR matter to an American? The GDPR has become a sort of “guideline” for American companies (think Google, Microsoft, and Facebook) as well as some states, especially California and Virginia.
In fact, if you have been on some websites with a popup bar near the bottom (location varies) asking for your consent to place “cookies” on your computer, you have the GDPR to thank!
The General Assembly of Virginia recently passed legislation, which was signed into law by Governor Northam on March 2, 2021. The law, the Virginia Consumer Data Protection Act, goes into effect on January 1, 2023, and gives the Attorney General of Virginia investigative power and exclusive authority to enforce the Act.
Enforcement may include injunctions to stop violations and/or monetary penalties up to $7,500 per violation. Knowing how politicians like to make smaller numbers bigger, the amount per violation may be increased in the future.
The law states exactly who it applies to, but there is some ambiguity which hopefully the General Assembly of Virginia will clarify. The law (in part) appears below with an attempt to clarify the language:
After translating from legalese to “English”, the law applies to a person (natural and legal persons) that provides services (Google/Bing) or products (Walmart) to people living in Virginia in a calendar year, and processes the data of 100,000 or more consumers.
It also applies to those who provide services and/or products in Virginia, and control or process personal data of 25,000 [Virginians we presume, but the law needs clarification] and have half of their gross revenue from the sale of personal data.
There are two types of “data” defined in the law, “personal” and “sensitive,” with personal data being a catch-all, and “sensitive data” being specifically defined. Personal data is information that is linked or linkable to a natural person.
Any publicly available information is fair game and not considered personal or sensitive data. Sensitive data includes, but is not limited to, a person’s race, religion, or sexual orientation. Sensitive information also includes a person’s precise location and a child’s information.
Consumers can now ask how their data is used, correct inaccuracies, delete data, or obtain a copy of their data. Consumers can also opt out of targeted advertising and the sale of their data. Entities responsible for responding to consumers’ requests will have 45 days, with one extension available.
If an entity declines to take action, it must inform consumers that they can appeal (to the entity) and instruct the consumer how to do so, and if their appeal is denied, instruct them how to file a complaint with the Virginia Attorney General.