Thanks to forward-looking leaders in Richmond, commonwealth residents are about to regain more control over their personal data.
When Gov. Ralph Northam signed the Consumer Data Protection Act into law early in March, Virginia became the second state in the nation to enact a law protecting the data privacy of consumers.
The measure passed with bipartisan support, as it should have. Democrats and Republicans can agree that in the Internet age, protecting the private information of individuals is more difficult and more important than ever. Who hasn’t been unsettled by being targeted with online ads almost immediately after researching something, making a purchase online or casually using a smartphone app?
Good for Virginia for being on the leading edge of an effort to do combat this increasingly troubling problem. The law enacted here is similar to one passed earlier by California, which in turn draws on data protection laws in the European Union. Other states are beginning to take similar action.
The primary goal of Virginia’s law is to give individuals the right to make decisions about who gets to collect — and often profit from — our personal data. As people have become more dependent on smartphones and the internet, many are only vaguely aware of how much of our personal data is in the hands of tech giants and other big corporations.
Most of us try to protect such vital information as our Social Security numbers and banking information. But big companies are watching what we buy, read and look up. Often, they use that data to create profiles outlining what they think they know about our age, race, politics, education level and interests. They use that data themselves or sell it to others.
This law will make it easier for consumers to know how big businesses intend to use their data. It will give people the opportunity to opt out of having their information used for marketing and other purposes. It will let consumers get copies of their online data, which they could then delete or amend.
The law will put limits on how big companies can use and sell the data they glean from consumers they deal with, if individual consumers so decide.
The law says it affects companies that have personal data for at least 100,000 consumers in the commonwealth, or ones that make more than 50 percent of their income from selling personal data of at least 25,000 consumers in Virginia. In effect, though, the law is likely to change the data collection and use habits of smaller companies as well. That’s what has happened as California has put its law into effect.
Virginia is a leader in a broader movement that also is beginning to affect the way some tech giants do business. Google, Apple and some other companies are making changes that should help customers everywhere have a better idea of who’s collecting their data and how the data might be used. Some corporate policies are changing to let people opt in, rather than opt out, to data collection rather than discovering after the fact that it’s happening.
Virginia’s law won’t take effect until 2023, which means companies doing business here should have plenty of time to figure out how to comply. The state attorney general’s office, the Joint Commission on Technology and Science, and other state agencies should be working to guide companies and businesses on how to meet the new regulations.
The state will have the power to collect fines from companies that are in violation. That money will go into a special fund dedicated to protecting consumer privacy.
The new law is a major step forward in protecting consumer data in the internet age. More control of personal data is being put where it belongs, in the hands of individuals. Now it is up to us to educate ourselves, read the fine print and take action to protect our data privacy.