The bill S.71 introduces the Vermont Data Privacy Act, which aims to enhance consumer data privacy and online surveillance protections within the state. It establishes a comprehensive framework that includes definitions of key terms such as "consumer" and "personal data," and outlines specific categories of sensitive data, including health-related information. The legislation mandates that businesses processing personal data must obtain clear consent from consumers and provides individuals with rights to confirm, correct, delete, and opt out of data processing activities. It also specifies the applicability of the regulations to businesses that handle significant amounts of consumer data and sets forth exemptions for certain entities, such as state agencies and nonprofit organizations.

Additionally, the bill outlines the responsibilities of data controllers and processors, emphasizing the need for compliance with consumer rights and data protection measures. It requires data controllers to limit data collection, implement security measures, and provide clear privacy notices. The Attorney General is granted exclusive authority to enforce the provisions of the act, with a notice of violation process that allows for a 60-day cure period. The bill also introduces new definitions related to the Securities Exchange Act of 1934, clarifying the scope of the law and establishing an effective date of July 1, 2026, for the new regulations.

Statutes affected:
As Introduced: 9-2416(a), 9-2416
As Passed By the Senate -- Official: 9-2416(a), 9-2416