The California Consumer Privacy Act (CCPA), which began to be enforced July 1 of last year, requires businesses to provide consumers the opportunity to opt out of their data being collected. And as of last week, Virginia is poised to join California in creating its own data privacy law. Here’s what marketers need to know about the bill, which if signed into law as expected will take effect on Jan. 1, 2023, according to a piece in AdExchanger.
Known as the Consumer Data Protection Act (CDPA), the bill is centered around consumers being able to opt in to data collection instead of opt out. The CCPA provides “a right to know and a right to be deleted,” according to Cillian Kieran, CEO and founder of privacy compliance startup Ethyca. But the CDPA is more far-reaching in that is provides “right of access, correction, deletion and portability.” The rights it gives to consumers are more similar to GDPR than CCPA.
When looking at the companies for which the act is applicable, the CDPA is looser than the CCPA, however. The Virginia bill does not set specific financial thresholds. Instead, it applies to businesses that possess data of at least 100,000 consumers or those that maintain more than 50 percent of their gross revenue from data sales of at least 25,000 consumers.
For more details on the CDPA in terms of defining the concept of “consumer” and how it will be enforced if signed into law, read more in AdExchanger.