All Blog Posts
December 20, 2022

Concord Privacy News: 12/20/22

Virginia's Consumer Data Protection Act (VDCPA) goes into effect on January 1st along with California's CPRA; Meta to face ads reckoning and Microsoft moving on data localization.

Virginia Privacy Regulations Take Effect January 1

Virginia becomes first East Coast state to enact data privacy legislation, joins CPRA in taking effect January 1, 2023

Last month, we shared that the California Privacy Rights Act fully takes effect on January 1, 2023. But, it’s important to know that another state regulation – the Virginia Consumer Data Protection Act (VCDPA) will also go into effect on that date. VDCPA, signed into law in March 2021, is the first data privacy legislation on the East Coast, incorporating concepts from GDPR and CPRA.

VCDPA applies to consumer-facing businesses (not B2B) who either operate in Virginia or who target consumers in Virginia, regardless of the state in which the company operates, and who collect personal information from more than 100,000 Virginia consumers annually. The act requires these companies to meet certain cybersecurity requirements, such as posting privacy notices, maintaining administrative, technical, and physical data security practices, and completing protection assessments of their data collection and processing activities. The act also requires companies to offer certain privacy rights to consumers, such as the right to access and edit their data, as well as to opt out.

Are your data security measures, personal data processing activities, and privacy policies ready to comply? Concord can help. Learn more at

Other Privacy News of Note

Meta’s Behavioral Ads Will Finally Face GDPR Privacy Reckoning in January

Major privacy complaints targeting the legality of Meta’s core advertising business model in Europe have finally been settled via a dispute resolution mechanism baked into the EU’s General Data Protection Regulation (GDPR). The complaints, which date back to May 2018, take aim at the tech giant’s so-called forced consent to continue tracking and targeting users by processing their personal data to build profiles for behavioral advertising, so the outcome could have major ramifications for how Meta operates if regulators order the company to amend its practices. Read More

Microsoft to Start Multi-Year Rollout of EU data localization offering on January 1

Microsoft will begin a phased rollout of an expanded data localization offering in the European Union on January 1, it said today. The EU Data Boundary for the Microsoft Cloud, as it’s branding the provision for local storage and processing of cloud services’ customer data, is intended to respond to a regional rise in demand for digital sovereignty that’s been amplified by legal uncertainties over EU-U.S. data flows stemming from the clash between the bloc’s data protection rights and U.S. surveillance practices. Read More