The bill H.208, introduced by Vermont representatives, seeks to establish the Vermont Data Privacy and Online Surveillance Act, which aims to enhance data privacy and protect Vermonters from online surveillance. It introduces a new chapter (Chapter 61A) to Title 9 of the Vermont Statutes, providing comprehensive definitions related to data privacy, such as "consumer," "personal data," and "sensitive data." Key provisions include requiring clear and affirmative consent from consumers before processing their personal data, outlining the responsibilities of data controllers, and granting consumers rights to access, correct, and delete their personal data. The bill also emphasizes the need for businesses to implement reasonable security practices and handle minors' data with extra care.

Additionally, the bill modifies existing regulations by reducing the thresholds for applicability, lowering the number of consumers whose data processing triggers compliance requirements from 25,000 to 12,500, and from 12,500 to 6,250 for entities deriving significant revenue from data sales. It establishes that data controllers must conduct data protection assessments for high-risk processing activities and outlines the enforcement powers of the Attorney General, including the ability to issue notices of violation and allow a 60-day cure period for alleged violations. The bill also mandates public education initiatives to inform consumers and data controllers about their rights and obligations, with staggered effective dates for various sections, culminating in full implementation by July 1, 2026.

Statutes affected:
As Introduced: 9-2416(a), 9-2416