Vermont Legislature Passes Toughest Data Privacy Law in U.S. — Bill Awaits Governor’s Signature

Vermont lawmakers have taken a bold step by passing the nation's strictest state bill on online data privacy, using a novel strategy to bypass industry resistance. While the bill is similar to many others in the U.S. — it significantly restricts what personal data companies can collect and use, and it bars companies from selling consumers’ personal data — it is the first to include a private right of action, allowing individuals to sue companies directly for collecting or sharing their sensitive data without their consent.

The bill has created quite a stir from both industry and data privacy advocates. There are calls from the tech industry for the Governor to veto the bill, arguing that the legislation was rushed, and that it would put companies at a competitive disadvantage. But proponents of the bill, including data privacy experts, say that strong consumer protections are needed, especially in the absence of federal data privacy legislation.

Ultimately the fate of the bill is in Governor Phil Scott’s hands. He has five days to either sign or veto the bill once he receives it from the legislature. If he indeed signs, the bill’s private right of action will need to be reauthorized after two years.

‍

Other Privacy News of Note

Maryland Governor Signs Online Data Privacy Bills

Maryland Gov. Wes Moore signed two measures into law on Thursday that are aimed at better protecting personal data online from Big Tech, including a bill making Maryland the second state to try to create strong limits on information collected on children. The measure, known as the Maryland Kids Code, seeks to limit data that could be collected from children online and protect them from being flooded with harmful material they were not trying to find. Read more.

‍

Massive Dell Data Breach Hits 49 Million Users; What This Means for Your Privacy and Security

Computer maker Dell faced a huge security challenge after a cyberattack stole information for approximately 49 million customers. Dell confirmed that the type of information stolen includes people’s names, postal addresses, and Dell hardware and order information, such as service tags, item descriptions, order dates and different warranty information. Read more.

‍