Data Privacy
Securing Privacy, Enabling Business Growth, and Creating an Internet that Vermonters Want to Use
In a digitally driven marketplace, Vermont businesses and nonprofits rely on basic consumer data to engage with and retain customers in an efficient and cost-effective way. Any new privacy legislation should ensure Vermont businesses can continue to responsibly utilize data-driven approaches, such as email marketing, targeted advertising, and customer retention efforts, without imposing undue restrictions that hinder their ability to thrive in the 21st-century economy.
While the Legislature considered well-intentioned privacy legislation during the 2024 legislative session, it missed the mark and would have exposed Vermont businesses to a surge of shakedown lawsuits and litigation, significantly impacting how consumers and businesses interact online in the state.
Fortunately, some in the 2025 legislature are considering a commonsense model that protects consumers while also ensuring small businesses retain access to the digital tools they need. This new version – the New England model for data privacy – offers a workable solution that is regionally compatible and ensures that Vermont businesses remain competitive across state lines. This is a welcomed departure from those who continue to push for Vermont to be an outlier on data privacy.
This path forward creates significant opportunities for consumers to protect their data as they see fit and allows businesses the opportunity to comply with a regionally compatible, clear law. Lawmakers must consider this balanced approach to a data privacy law to best serve all of their constituents.
What’s at Stake
Privacy legislation mirroring what was considered in 2024 would make Vermont an outlier in data privacy and included an extreme and unclear regulatory framework. This would significantly limit how businesses, particularly small and medium-sized businesses and nonprofits across the state, engage with current and prospective Vermont customers, undermining the ability of businesses and nonprofits to compete effectively in the digital marketplace.
Vermont businesses would need to invest substantial resources to comply with Vermont-specific regulations, which could ultimately disengage consumers and place additional burdens on businesses trying to compete effectively in a global marketplace. Instead, support for the New England model will ensure workable, fair guardrails for small businesses, protecting consumer privacy while creating regional compatibility for folks across New England. As costs for Vermont businesses continue to rise due to new taxes, fees, overregulation at the state and federal levels, health care, workforce shortages, and more, adding a complex regulatory compliance burden could push many local businesses to the breaking point.
Looking Ahead
As we look to support Vermont businesses in the 2025 legislative year, it is important to consider what provisions are needed to give consumers choice over their data without unintentionally impacting Vermont businesses and nonprofits. Policymakers should find a balanced approach that protects the interests of both Vermont businesses and consumers. Several other New England states have passed strong data privacy legislation that empowers consumers and supports local businesses, and Vermont should be no different. The New England model offers a commonsense solution.
Key Considerations
Private Right of Action (PRA)
Vermont cannot afford to be the test case for the plaintiffs bar, and laws with a private right of action often result in class action lawsuits that primarily benefit the plaintiff’s attorneys. Inclusion of a PRA must be avoided, as it is in the New England model. PRAs will only hurt Vermont businesses and consumers, changing products and services for Vermont and introducing the threat of a lawsuit. Instead, the New England model eliminates PRA, empowering enforcement authority solely with the attorney general, ensuring penalties are targeted and proportionate
Regional Conformity: Ultimately, a Vermont privacy law must be consistent with language found in 18 US states (particularly our neighbors NH, CT, and RI), ensuring regional conformity and a level playing field for Vermont businesses competing for customers with neighboring states.
