The bill S.71 introduces the Vermont Data Privacy Act, which aims to enhance consumer data privacy and online surveillance protections for residents of Vermont. It establishes a comprehensive framework that includes definitions of key terms such as "consumer" and "personal data," and outlines the responsibilities of businesses that handle such data. The bill emphasizes the necessity of obtaining clear consent from consumers before processing their personal data, particularly for sensitive categories like health and biometric data. It also specifies the applicability of the regulations to businesses that control or process significant amounts of personal data, ensuring that larger entities are primarily targeted while providing exemptions for certain organizations, including state agencies and nonprofits.

Furthermore, the bill delineates consumer rights regarding personal data, allowing individuals to confirm data processing, correct inaccuracies, delete data, and opt out of specific uses like targeted advertising. It mandates that data controllers respond to consumer requests within a specified timeframe and allows consumers to designate authorized agents for data processing opt-outs. The bill also introduces new regulations for data controllers and processors, requiring compliance with consumer rights, data protection assessments for high-risk activities, and confidentiality agreements for handling consumer health data. The enforcement of these regulations will be overseen by the Attorney General, who will have the authority to address violations and ensure compliance, with the act set to take effect on July 1, 2026.

Statutes affected:
As Introduced: 9-2416(a), 9-2416
As Passed By the Senate -- Official: 9-2416(a), 9-2416