What’s in the VCDPA?
Here’s the skinny on the who, what, and how of the VCDPA.
- If a controller sells personal data to third parties or processes personal data for targeted Advertising, it must clearly and conspicuously disclose such processing, as well as the manner in which a consumer may exercise the right to opt out of such processing.
- Sale of personal data means the exchange of personal data for monetary consideration by the controller to a third party. It does not include disclosure (1) to a processor processing data on behalf of the controller; (2) to a third party for purposes of a product or service requested by the consumer; (3) to a controller’s affiliate; (4) of information a consumer intentionally made available to the general public via mass media and did not restrict to a specific audience; and (5) to a third party as an asset that is part of a business transaction where the third party assumes control of the controller’s assets.