HB654 VA introduced

Consumer Data Protection Act; definition of "biometric data"; consent required for processing.

privacy

Plain-English summary

1. **ONE-SENTENCE SUMMARY:** HB654 requires businesses to obtain consent from individuals before processing their biometric data.

2. **KEY REQUIREMENTS:**
   - Obtain explicit consent from individuals before processing their biometric data.
   - For processing biometric data of known children, comply with the federal Children's Online Privacy Protection Act (COPPA).

3. **DEADLINES:**
   - The bill is currently introduced; monitor for updates on effective dates and compliance timelines.

4. **PENALTIES:**
   - Non-compliance may result in fines or enforcement actions, though specific penalties are not detailed in the current bill text.

5. **SMB IMPACT:** Small businesses that collect biometric data (like fingerprints or facial recognition) will need to implement consent processes, which may require updates to their privacy policies and customer interactions. This could involve additional training for staff and potential legal consultations to ensure compliance.

Source description

Consumer Data Protection Act; definition of "biometric data"; consent required for processing biometric data. Provides that, under the Consumer Data Protection Act, no consumer, controller, processor, or affiliate of the controller or processor shall process biometric data, defined separately in the bill, concerning an individual without obtaining the individual's consent, or, in the case of the processing of biometric data concerning a known child, without processing such data in accordance with the federal Children's Online Privacy Protection Act.

Not legal advice. Summaries are generated by AI from publicly available bill text and may contain errors or omissions. Always consult counsel before making compliance decisions.