Virginia (VCDPA)

Modified on Mon, 26 Jun, 2023 at 2:01 PM

What is the Virginia VCDPA regulation?


Virginia's legislation on data privacy has been shaped by the California Consumer Data Privacy Act (CCPA).


Effective from January 1, 2023, websites, companies, and organizations involved in business operations within Virginia or catering to Virginia residents through their products or services are obliged to adhere to the requirements outlined in the VCDPA, provided they meet the stipulated compliance thresholds.


The Virginia Consumer Data Protection Act (VCDPA) addresses the utilization of cookies and other tracking technologies, specifically pertaining to targeted advertising. Websites employing cookies and trackers to collect and process personal data from individuals located in Virginia must offer users the ability to opt out of the collection and use of their personal data for targeted advertising purposes.


This opt-out alternative can be facilitated through a consent management platform (CMP) that automatically identifies and controls the use of cookies and other tracking technologies based on users' expressed consent preferences as they interact with consent banners or cookie banners on the websites they visit.


It is important to note that the VCDPA does not necessitate companies to seek and obtain users' consent prior to processing their personal data in general. However, prior consent is required if the personal data falls under the category of sensitive information.


Consequently, if your company or organization is already compliant with the EU's General Data Protection Regulation (GDPR), the process of aligning your consent management solution with Virginia's VCDPA should require minimal effort. As previously mentioned, prior consent is only required in certain scenarios, while users must always retain the ability to opt out at a later stage and be consistently informed about the collection, use, and sharing of their data.


If you want to know more about the different regulations you can access our article "Laws and regulations for each region"



Cookie banner to comply with VCDPA


Taking into account the main characteristics of this regulation a cookie consent banner should have the following:


  • Include a Button to Reject Cookies: Although it does not specifically clarify a button as in other cases, we must provide an opt-out option that “takes effect immediately and is consistent.”
  • Provide Detailed Information About Cookie Use: The cookie banner should contain information about why the website uses cookies. For example, does it collect data for analytics, advertising, or social media purposes?
  • Alert the User if the Website Shares Data with Third Parties: If the website shares the data collected through cookies with third parties the cookie banner should explain this.
  • Link to the Website’s Cookie Policy: Here the website will provide further information about the cookies in use on the site, including a list of all the cookies.
  • Include a Link to the Cookie Settings: This isn’t required under GDPR as long as users have the choice to reject all cookies. However, it does have the benefit of allowing users who would otherwise reject all cookies to permit some forms of data collection. 


Observations: With illow´s GLOBAL banner, your site will be ready to comply with this regulation.


If you want to know the different types of banner cookies that you can find on our platform, access our article "Types of banners you will find on our platform"


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article