The bill H.208, introduced by Vermont representatives, seeks to establish the Vermont Data Privacy and Online Surveillance Act, which aims to enhance data privacy protections for residents. It introduces a new Chapter 61A to Title 9 of the Vermont Statutes, providing comprehensive definitions related to data privacy, such as "consumer," "personal data," and "biometric data." The legislation outlines consumer rights regarding personal data, emphasizing the necessity for clear and affirmative consent for data processing, and prohibits manipulative design practices known as "dark patterns." It also establishes guidelines for handling sensitive information, including health and biometric data, while detailing the responsibilities of data processors and controllers.

Additionally, the bill modifies existing regulations by reducing the thresholds for applicability, lowering the number of consumers whose data processing triggers compliance requirements from 25,000 to 12,500, and from 12,500 to 6,250 for entities generating significant revenue from data sales. It grants the Attorney General enforcement powers, including the ability to issue notices of violation and allow a 60-day cure period for alleged violations. The bill mandates public education initiatives to inform consumers and data controllers about their rights and obligations, with staggered effective dates for various sections, including public education starting on July 1, 2025, and full implementation by July 1, 2026.

Statutes affected:
As Introduced: 9-2416(a), 9-2416