Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

Consumer Privacy Bill Fails in Vermont

Had the bill become a law, it would have given consumers the right to sue companies that violate their privacy.

Edge Editors, Dark Reading

June 20, 2024

2 Min Read
Vermont State House, Montpelier, Vermont VT, USA. Vermont State House is Greek Revival style built in 1859.
Source: Wangkun Jia via Alamy Stock Photo

The Vermont General Assembly this week failed to override Gov. Phil Scott's veto of H.121, a bill that would have given the state one of the strongest data privacy protection laws in the US. While the Vermont House voted 128-17 to override, the state Senate voted 14 yeas to 15 nays, leaving the governor's veto standing and killing the bill.

The bill, officially named "An act relating to enhancing consumer privacy and the age-appropriate design code," notably contained a right-of-action provision that would allow consumers to sue companies that misused their sensitive data. The other half of the bill, dubbed "Kids Code," would have required online services targeted at people under 18 years old to account for privacy and to ensure that all content kids could access was appropriate for children.

In his June 13 letter to the General Assembly, Gov. Scott said he was vetoing the bill because the data privacy component would create a hostile business environment in the Green Mountain State. Scott also noted that the Kids Code part of the bills brought up First Amendment issues that California was already dealing with in courts. He recommended that Vermont adopt Connecticut's less litigious data privacy law to address the first half and wait for California to straighten out legal challenges to the second.

Companies might breathe a sigh of relief to avoid having to meet yet another set of data privacy requirements. If an organization conducts business in the European Union, for example, it has to comply with the General Data Protection Regulation (GDPR). As many as 19 US states have passed data privacy laws of their own, according to an industry interest group. And while federal data privacy legislation is still under development, US President Joe Biden issued an executive order at the end of February to firm up policies about how user data is handled nationally and internationally.

About the Author(s)

Edge Editors

Dark Reading

The Edge is Dark Reading's home for features, threat data and in-depth perspectives on cybersecurity.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights