With a special session scheduled to begin Feb. 10, Virginia is poised to become the second state to pass comprehensive consumer privacy legislation. The Consumer Data Protection Act (CDPA) passed the Virginia Senate on Friday, Feb. 5, and has been referred back to the Virginia House to be reconciled. Seeing that the House previously passed an identical version of the CDPA on Jan. 29, reconciliation should proceed without event and we can expect to see the bill on the governor’s desk this month. The governor has seven days to act once the bill is presented to him. The governor can (1) sign the bill into law, (2) amend the bill and return it to the General Assembly for approval, (3) veto the bill, or (4) take no further action and let the bill automatically become law without his signature. The CDPA is both CCPA- and GDPR-inspired. It would grant consumers rights to access, correct, delete, and obtain a copy of personal data and to opt out of the sale of personal data, processing of personal data for the purposes of targeted advertising, and profiling (automated decision-making).

The CDPA would become effective on Jan. 1, 2023, the same date as the operative date of most provisions in the California Privacy Rights Act, which substantially amends the CCPA.

Stay tuned for a deeper, substantive dive into the CDPA.