The Virginia Data Protection Act will not reach its full potential without allowing users to invoke their new opt-out rights through a universal signal such as the global privacy control. If the law requires users to individually opt-out on a site by site basis, it will not only fail to regain consumer trust across the web but it will also continue to undermine the value of the very publishers who do maintain the user’s trust.
User expectations. There is clear research, and common sense, that the tracking and data collection by a company that the user doesn’t even know exists is very outside her expectations. This is likely a primary case where a user would want to send an opt-out signal. And even if the user does know the company exists, she likely doesn’t want her data collected when she’s not choosing to interact with the company. Without a universal signal like the global privacy signal, there is no practical way for a consumer to opt out of tracking across the web by third parties they don’t know.
Business value: ***Without improvements to the law, the companies far more likely to receive an opt-out are the sites she actually chooses to visit on a regular basis. And the companies who the user trusts and determines she doesn’t need to opt-out have no business benefit over the hidden actors and ubiquitous trackers who collect her data.*** This isn’t the intention of the law nor does it align with the expectations of Virginians.
Easy solution: A user should be able to send a signal that the only company she wants to have access to her data is the company controlling the website she chooses to visit and interact. This legal framework is consistent with European, California and Colorado law and a global privacy control is an incredibly simple, persistent and easy to implement solution to invoke the rights. We urge you to consider it as an improvement to your law.
The Virginia Data Protection Act will not reach its full potential without allowing users to invoke their new opt-out rights through a universal signal such as the global privacy control. If the law requires users to individually opt-out on a site by site basis, it will not only fail to regain consumer trust across the web but it will also continue to undermine the value of the very publishers who do maintain the user’s trust. User expectations. There is clear research, and common sense, that the tracking and data collection by a company that the user doesn’t even know exists is very outside her expectations. This is likely a primary case where a user would want to send an opt-out signal. And even if the user does know the company exists, she likely doesn’t want her data collected when she’s not choosing to interact with the company. Without a universal signal like the global privacy signal, there is no practical way for a consumer to opt out of tracking across the web by third parties they don’t know. Business value: ***Without improvements to the law, the companies far more likely to receive an opt-out are the sites she actually chooses to visit on a regular basis. And the companies who the user trusts and determines she doesn’t need to opt-out have no business benefit over the hidden actors and ubiquitous trackers who collect her data.*** This isn’t the intention of the law nor does it align with the expectations of Virginians. Easy solution: A user should be able to send a signal that the only company she wants to have access to her data is the company controlling the website she chooses to visit and interact. This legal framework is consistent with European, California and Colorado law and a global privacy control is an incredibly simple, persistent and easy to implement solution to invoke the rights. We urge you to consider it as an improvement to your law.