Not all of the provisions of the law were contested. Those that were not contested included: • Collecting precise location information only if it is strictly necessary and other restrictions are followed. • Not engaging in “dark patterns” to encourage children into sharing more information than necessary for the service. • Using information collected to estimate age for any purpose other than estimating age. As we await further rulings on the Age Appropriate Design Act, companies that offer online services to children should keep in mind the law’s non-DPIA requirements, other similar laws, and the likelihood that the California AG will move forward with the fight to keep the law on the books and to enforce it. Virginia Virginia Governor Northam signed into law the Virginia Consumer Data Protection Act (VCDPA) on March 1, 2021. It became effective January 1, 2023. Not many were paying attention as the VCDPA flew through the Virginia Legislature, passing by overwhelming margin in fewer than two months. What are the implications of the VCDPA and how is it different than the CCPA or CPRA? The Virginia law differs from the California approach and adds a few operational challenges for businesses, including: • A broader affirmative consent or opt-in requirement to process sensitive personal data. • A broader opt-out right of processing personal data that covers not only sales of personal data, but also targeted advertising and profiling decisions that produce legal or similarly significant effects.
124
Made with FlippingBook - Online Brochure Maker