California and Virginia are leading the effort among states to enact new consumer data privacy laws that identify specific consumer privacy rights and introduce requirements for the commercial collection and processing of consumer data.
The California Consumer Privacy Act (CCPA) went into effect in 2020 and created an array of consumer privacy rights and business obligations regarding the collection and sale of personal information. The California Privacy Rights Act (CPRA) – sometimes referred to as “CCPA 2.0” – was a ballot measure approved by California voters in 2020, which significantly amended and expanded the rights and requirements set forth in the CCPA.
Virginia’s Consumer Data Protection Act (VCDPA) went into effect in Jan. 2023 and creates rights and obligations related to the processing of consumer data similar to the California laws, but with key differences around enforcement, exemptions, and how consumer rights are defined.
The following table provides an at-a-glance comparison of the key elements of each law; it is not meant to provide a comprehensive overview of each law’s provisions.
Our expert analysis, comprehensive coverage, news, and practice tools help you stay on top of the dynamic field of consumer data privacy so you can provide sound counsel to your clients and stakeholders. See it for yourself. Request a demo.