Praised – and criticized – as one of the strongest data privacy measures in the country, Vermont’s privacy law passed the legislature last month only to be vetoed yesterday by the Governor.

The bill would have given Vermont residents the right to file lawsuits against companies that violate their privacy rights. There was little doubt that the bill would of sailed through without the private right of action – it had a ton of opposition from business groups and big tech.

I had the privilege of speaking with Monique Priestley, one of the bill’s sponsors and a brave advocate for consumer rights. It’s clear that people’s ability to sue violators scares Big Tech and data brokers for all the right reasons, but it scares small businesses as well. So the private right of action was limited to data brokers and large companies processing the data of at least 100,000 Vermonters, and that was enough to appease hesitant legislators, but it was not enough to stay the Governor’s veto.

I recently wrote in an opinion piece in Statescoop that:

There are more than 500 data brokers in the U.S. who are secretly collecting your data — via your cell phone, credit cards, apps and more — forming a map and profile of every moment of your digital day and then selling it to the highest bidder.

That is who the governor’s veto protected. 

The veto didn’t protect the Main Street shop or bar, or the maple farms that jot down emails for newsletters and loyalty programs. The law wouldn’t have done a thing to the retail site that suggests a pair of pants because you clicked on a matching shirt. People understand that data is at the heart of the value exchange with business, and they deserve transparency and choice in how that data is collected and used.

The proposed law would have empowered individuals to identify and act on privacy violations, and exercising that right shouldn’t be something that businesses who build trust with their customers should worry about. Responsible data practices should be the status quo for every business that we trust with our data.

Explaining the veto, the governor said the bill was “a national outlier and more hostile than any other state to many businesses and nonprofits.” When it comes to data privacy, being an outlier should be a point of pride in a state that holds strong to ideals of the independent American spirit.

As for Vermont’s privacy aspirations hurting small businesses? Limiting the private right of action to large companies should’ve quashed those concerns. But still, he vetoed.

Read My Full Opinion Piece

The veto could still be overridden but, even if it dies on Governor Scott’s desk, I want to applaud the legislators who worked on the bill. I hope it becomes a framework for strong and fair data policy across the country.

Conversations in Ethical Tech

In this episode, JJ and Maritza explore the concept of dark patterns, meaning deceptive design practices that manipulate users into taking actions they didn't intend to.

• How does the choice architecture of the tech products you use impact your personal privacy and data protection?

• How can good product design and business outcomes be balanced against avoiding deceptive practices?

• Learn a few common-sense suggestions that you can take as a developer, leader, or consumer, including providing feedback to companies, filing complaints with regulatory bodies, and raising awareness about dark patterns.

Listen Now!

Listen to the Latest Podcast

What We’re Reading on Ethical Tech This Week

• Statescoop - One governor’s veto won’t stop the momentum on data rights for all

  • Read the fuel piece excerpted above by JJ

Share

• Bloomberg - Hackers Auction Off Stolen LendingTree Consumers’ Data

  • Hackers are selling data about consumers of the LendingTree subsidiary QuoteWizard after the company detected unauthorized access on a cloud database hosted by Snowflake, but the size and scope of the leak is still being investigated.

• Digiday - WTF is a financial media network?

  • Why are financial firms creating their own ad networks, and how will consumers be affected?

• Digiday - What it will take for advertisers to finally get ready to let go of the third-party cookie

  • What innovative solutions are advertisers discovering as they adapt to a world without third-party cookies, and what does it mean for privacy?

• Tech Monitor - Meta training AI products through user data breaks European law, claim activists

  • What surprising changes in Meta’s new privacy policy are shaking up the AI landscape under GDPR?

• Office of the Privacy Commissioner of Canada - Trust, innovation, and protecting the fundamental right to privacy in the digital age

  • Canada’s Privacy Watchdog weighs in on rights under the new AI paradigm