As expected, the start of 2021 has seen unprecedented movement in the U.S. with 22 states introducing comprehensive privacy legislation and even more introducing specific-use legislation. To date, hundreds of privacy bills were introduced across the states; to give some perspective, more than 50 privacy bills were introduced in New York alone. Undoubtedly a hot topic, it seemed anyone with an idea for a privacy bill put it in writing and introduced it to their legislature.Most state legislatures are still working their way through the bills, but even so there are trends emerging that can help us understand how privacy is shaping up in the U.S. For example, many bills extend the standard consumer privacy rights of access, deletion and correction; the opt-out model for the sale of personal information is also popular. And bills that do these things while protecting businesses from the private right to action seem to advance with much less fanfare — and opposition.Virginia’s Consumer Data Protection ActVirginia is the only state to pass a comprehensive privacy bill into law so far this year. Modeled after the proposed Washington Privacy Act, Virginia’s Consumer Data Protection Act
gives consumers the right to access, correction, deletion, and portability and obligations for data processors are fairly straightforward. One unique element of CDPA among U.S. proposals is that it requires data protection assessments for certain processing activities, reminiscent of requirements under the EU General Data Protection Regulation
.While Virginia deserves credit for crossing the finish line first, its law is underwhelming in terms of privacy protections on the global stage. With its opt-out model for targeted advertising, selling personal information and profiling and its lack of a private right of action, it lags be ..