TOP News

Politics: Virginia set to become second state to pass data privacy law

Giving plasma, chicken robbery, bar-free Mardi Gras: News from around our 50 states

  Giving plasma, chicken robbery, bar-free Mardi Gras: News from around our 50 states Yahoo Sports’ Matt Harmon counts down three deserving nominees from the Bucs 31-9 victory over the Chiefs, and then selects the Postseason Player of the Week presented by Honda.

Virginia is set to become the second state after California to pass data privacy legislation. The bill could become law as soon April when Gov. Ralph Northam is expected to sign a measure that has passed both chambers of the state legislature but is awaiting a few last-minute tweaks.

Ralph Northam wearing a suit and tie smiling and looking at the camera: Virginian Gov. Ralph Northam has signaled his approval for a data privacy law in his state. © Provided by Roll Call Virginian Gov. Ralph Northam has signaled his approval for a data privacy law in his state.

Known as the Consumer Data Protection Act, the law would go into effect Jan. 1, 2023 and would apply to all business that control or process data for at least 100,000 Virginians, or those commercial entities that derive at least 50 percent of their revenues from the sale and processing of consumer data of at least 25,000 customers.

Hillicon Valley: Krebs is back on Capitol Hill | Cybersecurity as 'preeminent threat' | News on data privacy and voter security

  Hillicon Valley: Krebs is back on Capitol Hill | Cybersecurity as 'preeminent threat' | News on data privacy and voter security Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don't already, be sure to sign up for our newsletter by clicking HERE. Follow our cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@chrisismills) and Rebecca Klar (@rebeccaklar_), for more coverage.Cybersecurity was in the spotlight on Capitol Hill today as Christopher Krebs returned to testify to the House Homeland Security Committee on cyber threats. Ahead of the hearing, The Hill spoke with two key committee leaders about their cyber priorities.

The law would exempt health care data and information collected for assessing credit worthiness. It would give consumers the right to determine whether their data is being collected and processed and ask for a copy of their data, correct inaccuracies, ask for the deletion of personal data, and opt out of the processing of personal data that may be used for targeted advertising, sale, or consumer profiling.

The Virginia law would put more pressure on Congress to pass a federal data privacy law. Other states are continuing to push similar legislation. Washington state, which has twice failed to pass a privacy bill, is once again taking up a measure this year.

Loading the player...

The European Union’s privacy legislation known as the General Data Protection Regulation or GDPR has been in force since May 2018.

Feeding the front line, whooping cranes, stadium crowds: News from around our 50 states

  Feeding the front line, whooping cranes, stadium crowds: News from around our 50 states How the COVID-19 pandemic is affecting every stateStart the day smarter. Get all the news you need in your inbox each morning.

“This is a big deal,” Virginia state Sen. David Marsden, a Democrat, who sponsored the Senate version of the bill, said in an interview. “People are being pestered to death, because of people selling our information,” he said talking about his motivation in promoting the legislation.

Marsden, 72, said he was still getting calls to refinance his college debt, even though “I never had anything to begin with.”

The legislation would allow Virginians to “have control over your data,” Marsden said.

Northam is likely to sign the legislation six weeks after the Virginia legislative session ends on March 1, Marsden said, adding that he expects any proposed amendments to be passed by both houses of Virginia’s General Assembly by then. Some of the potential changes include strengthening the office of the state attorney general, which will be in charge of implementing the law, he said.

Zuckerberg reportedly said Facebook needs 'to inflict pain' on Apple

  Zuckerberg reportedly said Facebook needs 'to inflict pain' on Apple While it's no secret that tensions are growing between Apple and Facebook, a report by The Wall Street Journal has shed more light on just how acrimonious the rift has become. Facebook CEO Mark Zuckerberg once reportedly told employees that "we need to inflict pain" on Apple in response to "extremely glib" comments made by his counterpart, Tim Cook. In the wake of the Cambridge Analytica scandal in 2018, Cook was asked what he'd have done if heIn the wake of the Cambridge Analytica scandal in 2018, Cook was asked what he'd have done if he were running Facebook at the time. He said that he wouldn't have found himself in such a situation in the first place, and criticized Facebook for invading user privacy.

Comparison to California law

The Virginia law differs from California’s in a few key ways.

Unlike the California privacy law, which applies to companies with annual gross revenue of $25 million or for-profit entities that possess and process data on 50,000 consumers, the Virginia law does not set a revenue threshold.

Doing away with a monetary threshold “cuts out game playing,” Marsden said, when companies engage in undercounting their revenues to escape the law.

Not having a revenue definition also may leave out small and medium-sized businesses, said Ashley Shively, attorney and partner in the law firm of Holland & Knight.

“The absence of the monetary threshold is unique,” Shively said. “And I think the potential result of that is that fewer businesses could fall within the scope” of the legislation, potentially exempting small and medium-sized businesses, she said.

And that is his goal, Marsden said, “because they just don’t have the bandwidth to deal with all of those issues” and forcing them might have put some small enterprises out of business, he said.

Preaching vaccines, bonnet scheme, well water: News from around our 50 states

  Preaching vaccines, bonnet scheme, well water: News from around our 50 states How the COVID-19 pandemic is affecting every stateStart the day smarter. Get all the news you need in your inbox each morning.

Leaving out small businesses while passing data privacy legislation may not be perfect but it’s still progress, he said.

The right to sue

The Virginia law also expressly prohibits private right of action. In other words Virginians cannot sue, unlike the California law. Although the California Consumer Privacy Act, which came into force in January 2020, already allowed consumers to sue companies for data breaches, California voters approved a new proposition in November that further expands the scope of protection.

The new proposition, called the California Privacy Rights Act, which goes into force Jan. 1, 2023, would allow consumers to sue not only for the breach of data under the state’s breach notification laws, but also include the breach of email addresses, passwords, and security questions that may allow unauthorized users to access a consumer’s account.

By expressly prohibiting private right of action, Virginia is closing any possible loopholes that may open the doors to plaintiff’s lawyers bringing lawsuits, Shively said.

Marsden said Virginia’s goal was to stop the misuse of personal data and not “turn this into another business” by creating opportunities for lots of lawsuits. He said the state attorney general would create a new office to enforce compliance, with an annual budget of about $400,000 that would be supplemented with fines and penalties.

If the state’s own enforcement mechanism doesn’t work as well as it ought to “you might consider something different someday, but right now this is the way to go,” Marsden said.

California’s private right of action provision has been a major sticking point in crafting a federal data privacy bill. While Democratic lawmakers have favored retaining the right or at least not ruling out the right to sue, Republican lawmakers have been opposed to a federal statute that would permit consumer lawsuits against tech companies.

If Congress is looking for an alternative, the Virginia law “is going to be a great model for the federal government,” Marsden said. “We need a national standard.”

The post Virginia set to become second state to pass data privacy law appeared first on Roll Call.

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit .
The video platform was accused of collecting biometric data without consent.The settlement, if approved, would lay to rest claims that the video content-sharing app, owned by Beijing-headquartered ByteDance, wrongfully collected the private and biometric data of users including teenagers and minors.

See also