TrueVault | Virginia Passes New Privacy Protections for Minors

July 24, 2024

Virginia Passes New Privacy Protections for Minors

Virginia has approved strong children's data privacy laws which could potentially affect a huge number businesses. Learn about the new rules here.

table of contents

If there’s one thing politicians can agree on right now, it’s that children’s data privacy is a top priority. From the FTC’s ongoing revision of COPPA rules to California’s Age-Appropriate Design Code Act, lawmakers are paying a lot of attention to how tech companies are collecting, using, and sharing kids’ personal information.

Accordingly, the Virginia General Assembly recently passed amendments to the Consumer Data Protection Act (VCDPA) that significantly strengthen privacy protections for state residents under the age of 13.

What Are the New Rules?

The state legislature passed two identical bills regarding children’s data: SB 361 and HB 707. Here are the major components of the new rules. Bear in mind, these requirements are in addition to obtaining consent for any processing of children's data.

Businesses may not process children’s personal data:
- Unless the processing is necessary to provide an online service, product, or feature;
- For any purpose other than what was disclosed to the consumer, or another purpose that is reasonably necessary for and compatible with that purpose; OR
- For longer than is necessary to provide an online service, product, or feature
Businesses may not process children's data for purposes of targeted advertising, selling the data, or profiling in furtherance of decisions that produce legal or similarly significant effects;
Businesses may not process the precise geolocation of children unless:
- It is necessary to provide an online service, product, or feature; AND
- The business provides a signal to alert the child that it is tracking their location
A data protection assessment is required for any online service, product, or feature that is directed to known children.

The effective date for new provisions is January 1, 2025.

‍

Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.

previous chapter

next chapter

Dive into a world of knowledge, trends, and industry updates on the TrueVault blog.

September 9, 2024

Dark Patterns in the Spotlight in New CPPA Enforcement Advisory

The California Privacy Protection Agency is putting the business community on notice again with its second enforcement advisory, focusing now on confusing and deceptive UI designs.

September 6, 2024

Protect Your Business from CIPA Lawsuits

California Invasion of Privacy Act (CIPA) demand letters have become the scourge of many businesses. Find out how to avoid becoming a target for litigation.

August 30, 2024

New CA Law Mandates Support for Opt-Out Signals

California lawmakers have passed a critical update to the CCPA, making support for privacy opt-outs mandatory for web browsers and mobile operating systems.

Privacy laws are here.
Are you ready?

Say goodbye to privacy headaches and hello to easy compliance with TrueVault.

TrueVault is not a law firm and its services are not a substitute for obtaining legal advice from a qualified licensed attorney.

What Are the New Rules?

Other related blog posts

Privacy laws are here.Are you ready?

Privacy laws are here.
Are you ready?