Washington – The Computer & Communications Industry Association today wrote to Vermont Governor Phil Scott urging him to veto H.121, a bill that would establish the Vermont Data Privacy Act and implement an age-appropriate design code standard in the state. Despite CCIA’s general support of Vermont’s goal of enhancing data privacy protections and online safety for minors, the association has concerns with several components of H.121 that raise significant constitutional and compliance issues.
To ensure effective online safety protections for children, businesses need clear compliance guidelines to avoid accidentally violating the regulations. While the legislation outlines broad expectations, it lacks specific guidance on how businesses can meet these objectives. CCIA warns against confusing concepts related to estimating user ages, including the age-estimation mechanisms outlined in Section 7 of H.121. CCIA believes these regulations cannot be fully relied on to determine users’ ages, and businesses that do so may face liability under the bill if they inaccurately identify users under 18.
CCIA also opposes Section 1 of the bill, specifically the inclusion of a private right of action which permits consumers to take legal action against businesses for potential violations of the proposed regulations. This provision could potentially flood Vermont’s courthouses with minor claims lacking substantial evidence of actual injury. These lawsuits would be both costly and time-consuming, adversely affecting the state’s economy. Section 1 of H.121 also includes several definitions and compliance requirements that would be unique to Vermont, inhibiting interoperability with other existing state privacy laws and complicating businesses operating in the state’s ability to comply with the law.
The following can be attributed to CCIA Northeast Regional Policy Manager Alex Spyropoulos:
“The importance of data privacy and the safety of young people online cannot be understated, but it is vital that in lieu of a single federal framework, any law pursued should prioritize interoperability and avoid running afoul of the Constitution. The First Amendment guarantees everyone, including teenagers, the right to access information, and this proposal would violate these rights. Teens should not be restricted in their ability to access online content solely because lawmakers rather than parents deem it unsuitable for their age group. Furthermore, the proposed Vermont Data Privacy Act would subject businesses to a unique set of privacy standards and frivolous lawsuits, complicating compliance efforts.”
