The bill S.71 introduces the Vermont Data Privacy Act, which aims to create a comprehensive framework for consumer data privacy and online surveillance in Vermont. It defines key terms such as "consumer" and "personal data," and outlines the conditions under which personal data can be processed, emphasizing the need for clear consumer consent. The act applies to businesses that control or process significant amounts of personal data, establishing thresholds based on consumer numbers and revenue. It also addresses the use of "dark patterns" in user interfaces and mandates transparency in data processing practices, thereby enhancing consumer rights and holding businesses accountable for their data handling.

Additionally, the bill outlines specific consumer rights, including the ability to confirm data processing, correct inaccuracies, delete data, and opt out of certain activities. It requires data controllers to respond to consumer requests within a specified timeframe and allows consumers to designate authorized agents for opting out. The bill also introduces new regulations for data controllers regarding the handling of personal data, including the necessity of obtaining consent for sensitive data and implementing security measures. Furthermore, it establishes enforcement mechanisms through the Attorney General, who will address violations and provide a 60-day cure period for compliance. The act is set to take effect on July 1, 2026, allowing time for affected entities to adjust to the new regulations.

Statutes affected:
As Introduced: 9-2416(a), 9-2416
As Passed By the Senate -- Official: 9-2416(a), 9-2416