A Legal Guide to PRIVACY AND DATA SECURITY 2026

Similarly, California and Minnesota privacy regulators require businesses to recognize a consumer’s use of Global Privacy Control (GPC), a browser selection that signals rejection of cookies and other trackers. Several other states also require such treatment of GPC signals, making GPC compliance essential.

Automated Decision-Making. In 2025, the CCPA approved rules and regulations under the CCPA to address the use of automated decision-making technology in a significant decision concerning a consumer, such as those affecting housing, employment, credit or insurance. If a business uses automated decision-making technology for significant decisions, the business is obligated to provide a detailed notice of its use of such technology and to conduct risk assessments for high-risk use cases and cybersecurity audits for processing activities that pose a significant risk to consumers’ security.

Virginia

Virginia Governor Northam signed into law the Virginia Consumer Data Protection Act (VCDPA) on March 1, 2021. It became effective January 1, 2023. Not many were paying attention as the VCDPA flew through the Virginia Legislature, passing by an overwhelming margin in fewer than two months.

What are the implications of the VCDPA and how is it different from the CCPA or CPRA? The Virginia law differs from the California approach and adds a few operational challenges for businesses, including:

• A broader affirmative consent or opt-in requirement to process sensitive personal data.
• A broader opt-out right of processing personal data that covers not only sales of personal data, but also targeted advertising and profiling decisions that produce legal or similarly significant effects.
