The right to privacy is an element of various legal traditions to restrain governmental and private actions that threaten the privacy of individuals. Over 150 national constitutions mention the right to privacy. In the 1948 Universal Declaration of Human Rights Article 12, the United Nations states . . . .
Virginia is about to get a major California-style data privacy law
If adopted, the Consumer Data Protection Act would apply to entities of a certain size that do business in Virginia or have users based in Virginia. The bill enjoys broad popular support among state lawmakers; it passed 89-9 in the Virginia House and unanimously (39-0) in the state Senate, and Democratic Gov. Ralph Northam is widely expected to sign it into law without issue in the coming days.
The CDPA applies to entities that “control or process” personal information of 100,000 or more Virginia residents in a calendar year or to entities that make 50 percent or more of their gross revenue from the sale of personal data if they hold information about at least 25,000 residents. Basically, the big data brokers and companies with a major online presence would all be covered, but small businesses would not be. Under the law, these entities that determine “the purpose and means of processing personal data” are called “controllers.”
The bill contains wide carve-outs specific types of data and covered entities that are already regulated under laws such as HIPAA, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, and educational privacy law FERPA.
Notably, the Virginia bill does not include any private right of action whatsoever over violations, meaning you can’t sue if your rights are being violated under the law; only the Virginia attorney general’s office can pursue a case.