The bill S.71 introduces the Vermont Data Privacy Act, which aims to enhance consumer data privacy and regulate online surveillance within the state. It establishes a comprehensive framework that includes definitions for key terms such as "consumer" and "personal data," and outlines specific categories of sensitive data, including health-related information. The legislation mandates that businesses processing significant amounts of personal data must obtain clear consent from consumers and adhere to strict guidelines regarding data handling, including the prohibition of dark patterns in consent acquisition. It also delineates the responsibilities of data controllers and processors, emphasizing the need for transparency and consumer rights, such as the ability to confirm data processing, correct inaccuracies, and opt out of targeted advertising.

Furthermore, the bill introduces new provisions regarding consumer health data and outlines exemptions for certain entities, such as state agencies and nonprofit organizations. It establishes enforcement mechanisms through the Attorney General, who will oversee compliance and address violations, allowing a 60-day cure period for businesses to rectify issues before legal action is taken. The bill also includes new definitions and categories under the Securities Exchange Act of 1934, clarifying the scope of regulations for various entities. The act is set to take effect on July 1, 2026, providing time for affected parties to adjust to the new requirements.

Statutes affected:
As Introduced: 9-2416(a), 9-2416
As Passed By the Senate -- Official: 9-2416(a), 9-2416