Virginia Consumer Data Protection Act - Profiling Provisions

VAFor companies using AIMediumseverityIn effect

In effect since January 1, 2023

Overview

Grants Virginia consumers the right to opt out of profiling in furtherance of decisions that produce legal or significant effects.

This is a privacy law with automated decision-making provisions.

Virginia AI regulation guide lists every tracked rule for this jurisdiction with timelines and obligation tallies.

Who this applies to

This regulation applies to companies that use or deploy AI tools and systems built by other vendors. If your company uses AI-powered products in the areas listed below, this regulation may apply to you.

AI categories covered

Consumer-facing AI
Automated decision-making
Algorithmic profiling

Specific AI use cases:

Customer profiling and segmentation

What this requires you to do

Consumer opt-out required
Provide an opt-out mechanism. Consumers must be able to opt out of automated decision-making.
Obligation explainer: Consumer opt-out
Profiling disclosure required
Disclose profiling activities. Inform consumers when you use their data for profiling purposes.
Obligation explainer: Profiling disclosure
ADM impact assessment required
Conduct an ADM impact assessment. Evaluate how your automated decision-making affects consumers.
Obligation explainer: ADM impact assessment

Enforcement and penalties

Up to $7,500 per violation. Enforced by Virginia AG.

Source

Read the full text

https://law.lis.virginia.gov/vacodefull/title59.1/chapter53/

Always verify current language and amendments at the official source.

Want to know what else applies to your company?

Run a free XIRA scan to see all regulations that match your states and AI tools.

Start your free scan