Consumer Protection

Your “Free” Usage of Some Websites May Cost You More than You Know

“If it’s free… you’re the product.” That saying has never been truer at any point in time than in 2021. If you use Facebook, Google, Snapchat, TikTok, or Amazon, then you are the product, no matter what service they provide you, and you’re the best-selling product they’ll ever have. Against such large multinational corporations what can you, as a consumer, do to protect your data?

General Data Protection Regulation (GDPR) in the European Union

Luckily (some) politicians and interest groups have noticed and are beginning to act against the misuse of our personal data. The European Union passed the General Data Protection Regulation (“GDPR”), which allows EU residents to have a say in how their personal data is collected, for what purposes, and its sale to other entities.

Private Right of Action Online

The GDPR also has what is called a “private right of action” which means that individuals, not just the government, are allowed sue and seek monetary damages for misuse of the individual’s data.

The GDPR does not grant any protections to American Citizens, or anybody outside of the European Union. So why does the GDPR matter to an American? The GDPR has become a sort of “guideline” for American companies (think Google, Microsoft, and Facebook) as well as some states, especially California and Virginia.

In fact, if you have been on some websites with a popup bar near the bottom (location varies) asking for your consent to place “cookies” on your computer, you have the GDPR to thank!

What is the Commonwealth of Virginia Doing to Protect Your Data?

The General Assembly of Virginia recently passed legislation which was signed into law by Governor Northam on March 2, 2021. The law, The Virginia Consumer Data Protection Act, goes into effect on January 1, 2023, and gives the Attorney General of Virginia investigative power and exclusive authority to enforce the Act.

Enforcement may include injunctions to stop violations and/or monetary penalties up to $7,500 per violation. Knowing how politicians like to make smaller numbers bigger, the amount per violation may be increased in the future.

Who Exactly Does The Virginia Consumer Data Protection Act Apply to?

The law states exactly who it applies to, but there is some ambiguity which hopefully the General Assembly of Virginia will clarify. The law (in part) appears below with an attempt to clarify the language:

  • This chapter applies to persons that conduct business in the Commonwealth or produce products or services that are targeted to residents of the Commonwealth and that
    • (i) during a calendar year, control or process personal data of at least 100,000 consumers OR
    • (ii) control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data.
Understanding the Virginia Consumer Data Protection

After translating from legalese to “English”, the law applies to a person (natural and legal persons) that provides services (Google/Bing) or products (Walmart) to people living in Virginia in a calendar year, and process 100,000 or more consumers’ data.

It also applies to those who provide services and/or products in Virginia, and control or process personal data of 25,000 [Virginians we presume, but the law needs clarification] and have half of their gross revenue from the sale of personal data.

What Data is Protected?

There are two types of “data” defined in the law, “personal” and “sensitive,” with personal data being a catch-all, and “sensitive data” being specifically defined. Personal data is information that is linked or linkable to a natural person.

Any publicly available information is fair game and not considered personal or sensitive data. Sensitive data includes, but is not limited to, a person’s race, religion, or sexual orientation. Sensitive information also includes a person’s precise location and a child’s information.

What are Your New Digital Rights in Virginia?

Consumers can now ask how their data is used, correct inaccuracies, delete data, or obtain a copy of their data. Consumers can also opt-out of targeted advertising and the sale of their data. Entities responsible for responding to consumers’ requests will have 45 days, with one extension available.

If an entity declines to take action, it must inform consumers that they can appeal (to the entity) and instruct the consumer how to do so, and if their appeal is denied, instruct them how to file a complaint with the Virginia Attorney General.

Legal Representation for Constitutional Rights, Civil Rights, Business, and Commercial Law

Contact us today to learn more about how we can help. We have offices located in Fairfax, Virginia and our lawyers have over 100 years of combined experience.

John-David Coker

Share
Published by
John-David Coker

Recent Posts

Disability Discrimination Attorney Near Me | Fairfax, Virginia

Searching for a disability discrimination attorney near me? If you have been discriminated against due…

6 days ago

How to Hire a Lawyer Near Me in Fairfax, Virginia

Hiring a lawyer is a big step in legal proceedings. You want to choose the…

2 weeks ago

Understanding the Legalities of Political Expression and Harassment in a Virginia Workplace

Given the political environment, the possibility of political tensions spilling over into workplaces is increasingly…

3 weeks ago

Schedule a Consultation with an Estate Attorney-Fairfax

Many people avoid thinking about estate planning and retaining an estate planning attorney. While the…

4 weeks ago

Virginia Wage Collection Lawyer

All employees in Virginia have rights and protections when it comes to wage theft, regardless…

1 month ago

Race Discrimination Lawyer FAQs

What are some examples of racial harassment?   Racial harassment can include racial slurs, jokes,…

1 month ago