with Aaron Schaffer

Gov. Ralph Northam just made Virginia the second state in the nation to adopt its own data protection rules. 

The data privacy legislation signed into law on Tuesday, known as the Consumer Data Protection Act, will allow residents of the commonwealth to opt out of having their data collected and sold, similar to a California law that went into effect last year. Under the new law, Virginia resident also can see what data companies have collected about them, and correct or delete it. 

It had broad support from the tech industry, including Amazon, which is building an Arlington, Va., headquarters. (Amazon founder Jeff Bezos owns The Washington Post.) 

The Virginia law is widely viewed as more industry-friendly than the California provision. 

Privacy advocates have called for Virginia to adopt some of California’s provisions that make it easier for people to opt out of data collection from multiple companies. The Virginia law also does not allow individuals to bring lawsuits against tech companies for violations and will be enforced by the state’s attorney general, not a separate enforcement agency.

The law is expected to take effect on Jan. 1, 2023. It also would require companies to get permission before collecting particularly sensitive types of data related to racial or ethnic origin, genetic data and geolocation.

State Sen. David Marsden (D), a sponsor of the bill, said the law’s passage would allow Virginia to “take the lead in data privacy in the United States.”

“This omnibus bill is clear, concise, and holds companies accountable for protecting consumer data in providing protections for consumers,” Marsden said in a statement.

Virginia’s new law signals that states increasingly are taking on tech regulation after years of lack of action in Congress. 

Many other states, including Washington and New Jersey, are considering privacy legislation. Utah is considering legislation that is very similar to the Virginia bill.

A growing patchwork of state laws could create more pressure on Congress to move forward on federal privacy legislation. Many proposals have been introduced at the federal level and faltered under partisan divisions, but as more states enact legislation, the tech industry may increase pressure for a national act so that it only has to abide by a single set of rules, rather than many different state regulations.

Privacy advocates largely see the Virginia law as a mixed bag. 

Although they have applauded Virginia for acting on consumer privacy, they are calling policymakers in the state to consider adding more protections before the law takes effect.

“While we’re pleased that Virginians will have new privacy rights, legislators should continue working in the next session to strengthen it,” Maureen Mahoney, senior policy analyst for Consumer Reports, said in a news release. “This bill has some important privacy provisions, but consumers need more practical options for controlling their data.”

Consumer Reports and other privacy advocates previously called on Virginia lawmakers to consider adding a requirement for a global opt-out browser setting, which people could turn on to alert companies that they want as little of their data collected as possible. They also requested that policymakers update the law to ensure that people can authorize outside agents to make requests on their behalf about how companies use their data.

“This is an important first step in providing vital privacy protections to Virginians,” said U.S. Sen. Mark Warner (D-Va.), a former venture capitalist who has advocated for greater regulation of the tech industry.

Warner called for a similar changes to make it easier for Virginians to opt out of data collection, as well as protections to specifically address online advertising and tactics that tech companies use to trick people into handing over their data. He has previously introduced legislation in Congress to address those concerns.

Northam’s administration will have an ongoing work group to continue to strengthen the law’s consumer protections.

In an interview last month, Virginia Del. Cliff Hayes Jr. (D), who introduced the bill in the House, said policymakers hope to consider such changes in the future, but they decided to begin with a basic framework to ensure that Virginia residents had baseline privacy protections.

“We learned that some of the other states were trying to take on so much that in the time frame you have to pass legislation, it bogs it down,” he said.

He also said that he wanted to propose legislation in the future that specifically addresses data privacy concerns related to artificial intelligence and facial recognition.

A spokeswoman for the Virginia governor did not immediately respond to a request for comment.

Our top tabs

Google will stop selling ads based on people's browsing across multiple websites. 

The company plans next year “to stop using or investing in tracking technologies that uniquely identify web users as they move from site to site across the internet,” the Wall Street Journal's Sam Schechner and Keach Hagey write

It's a change “that could hasten upheaval in the digital advertising industry": “The decision, coming from the world’s biggest digital-advertising company, could help push the industry away from the use of such individualized tracking, which has come under increasing criticism from privacy advocates and faces scrutiny from regulators….Google’s heft means that its move is also likely to stoke a backlash from some competitors in the digital ad business, where many companies rely on tracking individuals to target their ads, measure their effectiveness and stop fraud." 

Fake Twitter bots went wild after the U.S. blamed the Saudi crown prince for the killing of Jamal Khashoggi. 

“Saudi-based Twitter accounts using fake profile pictures, repetitive wording and spammy tactics sought to undermine the conclusion by U.S. intelligence officials, made public Friday, that Crown Prince Mohammed bin Salman ‘approved’ the operation that led to the killing of [the] Washington Post contributing columnist,” Craig Timberg and Sarah Dadouch report

The Saudi accounts sought to deflect blame from the crown prince, and partly targeted an American audience by directly responding to tweets by several U.S.-based news organizations, including The Post. “The case of Khashoggi is already closed with the criminals in jail for what they did,” was an example of a Twitter comment repeatedly posted on Saturday in response to multiple news organizations. 

“The source of the influence campaigns could not be definitively determined, said both independent researchers and Twitter, which said it had recently closed thousands of Saudi accounts for platform manipulation and other violations,” our colleagues write. “But the operation targeting tweets by American news organizations, using dozens of inauthentic accounts that previously had posted nonpolitical content in Arabic, ‘aligns with operations the Saudis have conducted on social media in the past,’ according to an analysis by Advance Democracy, headed by former FBI analyst and Senate investigator Daniel J. Jones, who led the review of the CIA’s torture program.” 

Workers at Glitch signed a historic collective bargaining agreement.

The 11-month agreement went into effect on Sunday, the Verge’s Zoe Schiffer reports. It’s the tech industry’s first collective bargaining agreement that has been signed by white-collar workers, and it includes “just cause” protections that make it harder for workers to be fired at the tech company, which gives users the ability to build interactive Web apps.

Another provision would force Glitch to offer jobs to employees who were laid off during the coronavirus pandemic if the company rehires for their positions. Eighteen people, around one-third of the company, were laid off in May.

Ninety-percent of workers at the company voted to unionize last year, and the company voluntarily recognized the union, a stark contrast to efforts by other tech companies that have tried to stem the tide of unionization.

Biden’s pick to lead the SEC signaled increased scrutiny of Robinhood and cryptocurrencies.

Gary Gensler, a chair of the Commodity Futures Trading Commission under President Barack Obama, said that the Securities and Exchange Commission should look into the “gamification” of stock market trading, the AP’s Marcy Gordon reports. Gensler’s confirmation comes amid congressional scrutiny of Robinhood, Reddit and weeks of social-media-driven market volatility.

“What does it mean when you have behavioral prompts to get investors to do more transactions? We’re going to have to study that and think about it,” Gensler said.

Gensler also addressed cryptocurrency at the Senate hearing, saying that rooting out fraud and manipulation from cryptocurrency markets is a challenge for the SEC. Bitcoin declined as much as 3 percent in New York trading.

The Senate confirmed Biden’s pick to lead the Commerce Department.

Gina Raimondo, the Democratic governor of Rhode Island, was confirmed by a vote of 84 to 15, David J. Lynch reports. She is expected to be sworn in today, and major industry groups including BSA, USTelecom and ITI have already applauded her confirmation.

Raimondo alarmed Republicans when she declined to commit to keeping Chinese tech giant Huawei Technologies Co. on a key department blacklist that the Trump administration used to punish Chinese companies. Raimondo eventually said she sees “no reason” why Huawei and other Chinese companies shouldn’t remain on the restricted trade list. 

Rant and rave

Alan Rusbridger, a founding member of Facebook's oversight board, told a UK House of Lords panel that “at some point we’re going to ask to see the algorithm” the company uses. Harvard Law School lecturer Evelyn Douek:

Gizmodo senior reporter Dell Cameron:

Rusbridger, a former editor of the Guardian, reacted to hearing that he is “about to receive one almighty flow diagram”:

Hill happenings

The FBI director blasted tech companies for their stance on encryption.

Christopher A. Wray warned that extremists are using encrypted apps and that “we will all rue the day” when law enforcement agencies are no longer able to get access to digital evidence because of the spread of encryption technology. He also asserted that the FBI doesn't want back doors into encrypted apps and it instead wants “legal access” to encrypted communications. 

But critics say that the FBI's position doesn’t square with reality because that access would defeat encryption's purpose. “The FBI's demand for the power to spy on end-to-end communications undermines [end-to-end] encryption and makes everyone less safe,” Electronic Frontier Foundation cybersecurity director Eva Galperin tweeted. “I don't care what you call it.”

Trending

Mentions

  • Seth Harris, a former acting and deputy labor secretary in the Obama administration, has joined the Biden administration as deputy assistant to the president for labor and the economy. Harris has argued that gig workers should not be classified as employees or independent contractors, and should instead be in a separate category or “independent workers.”
  • Former House Judiciary Committee chairman Bob Goodlatte, a Republican who represented Virginia, registered to lobby for Protect The First, Inc., which is described in a filing as a nonprofit, effective Jan. 4. According to a filing, Goodlatte is lobbying on the PACT Act, a proposal by Sens. John Thune (R-S.D.) and Brian Schatz (D-Hawaii) to change Section 230. Thune said last month that they plan to introduce the bill.

Daybook

  • The Center for Strategic and International Studies hosts an event on quantum computing today at 1 p.m.
  • The Brookings Institution hosts an event on the government’s role in reducing bias in algorithms on March 12 at 9 a.m.

Before you log off

Make sure you watch until the end: