The state of Virginia just passed a data privacy law. The law applies to all entities that do business in Virginia that control or process personal data of at least 100,000 residents or that earn at least 50 percent of gross revenue from the sale of personal data and control or process data of at least 25,000 residents. Among other things, it gives consumers the right to opt out of having their data used for targeted advertising and requires firms to gain affirmative consent to process “sensitive data concerning a consumer” as defined in the text of the bill. Virginia is the second state to regulate data privacy at the state level, following California which passed similar legislation in 2018.
State regulation of data privacy could lead to inconsistent standards that according to Jennifer Huddleston might “splinter the internet” and raise costs. It would be better to have more uniform federal regulation of privacy, but care must be taken to make sure that the regulation is not too strict.
Heavy-handed regulation of privacy, such as the European Union’s General Data Privacy Regulation (GDPR), discourages the mutually beneficial exchange of information that has facilitated the growth of online markets. It makes it harder for internet platform companies to use the data they collect about users to earn advertising revenue that covers the cost of providing users with information and services that they value. In the process, it makes it more difficult for smaller startup firms to compete with giants like Google, Amazon, and Facebook.
Read Full Article »