Bill S.71, introduced by a group of Vermont Senators, aims to strengthen data privacy and online surveillance protections for residents by establishing the "Vermont Data Privacy and Online Surveillance Act." This new chapter introduces key definitions such as "consumer," "personal data," and "biometric data," which form the foundation for consumer rights regarding their data. The bill emphasizes the necessity of obtaining clear and informed consent from consumers before processing their personal data, particularly for sensitive categories like health and biometric data. It also addresses the manipulation of consumer choices through "dark patterns" in user interfaces, aiming to create a comprehensive legal framework that enhances consumer control over personal information.

The legislation outlines specific rights for consumers, including the ability to access, correct, and delete their personal data, as well as opt out of certain processing activities. It mandates that data controllers respond to consumer requests within designated timeframes and emphasizes responsible data collection practices, particularly concerning minors. Additionally, the bill introduces requirements for data protection assessments for high-risk processing activities and clarifies the responsibilities of both data controllers and processors. Notably, it reduces the thresholds for applicability under the Act, lowering the number of consumers whose data processing triggers compliance requirements. The Attorney General is granted enforcement powers, including the ability to issue notices of violation and oversee public education initiatives about consumer rights and obligations under the Act.

Statutes affected:
As Introduced: 9-2416(a), 9-2416