After California's landmark passing of the CPRA, which expands digital privacy and adds enforcement teeth to the CCPA, a number of other US states are making similar moves. Virginia's legislature passed its version, called the Consumer Data Protection Act (CDPA), which mirrors California's law and the European GDPR that informed it. Global law leader Dentons encapsulates the contents nicely in this short overview, noting differences like the consumers' right to appeal denials of their privacy requests and the lack of provision for a private right of action, focusing enforcement instead on the opportunity to cure problems before penalties are levied.
Nevada already has a law in this vein in place that some experts view as more stringent that California's. Washington and Illinois lawmakers are taking another swipe at similar legal frameworks that, unlike Virginia, include a private right to action and suspension of operations if problems are not cured. We noted in our last issue that federal legislation may come to vote this year, and we will see if California continues to lead the nation to larger consumer protection in the area of digital privacy.