Governor Phil Scott has vetoed the state’s proposed comprehensive privacy law. In rejecting the bill, he stated he was worried it created an “unnecessary and avoidable level of risk.” He had concerns in three areas.
First, unlike other states, the Vermont bill would have given individuals a private right of action. He stated that this was unnecessarily “hostile” to businesses. Second, the bill contained a “kids code” provision. It mirrored other state kids’ privacy laws (“age appropriate design” type laws). However, as he pointed out, these have been challenged in courts. As such, he stated that the appropriate timing for a children-focused law is after the case against the California law has concluded. Finally, he stated that the law will place “big and expensive new burdens” on companies and be a “disadvantage for the small and mid-sized businesses” that his state’s residents rely on.
In returning the bill, Governor Scott recommended that it be revised to be aligned with the language of Connecticut’s law. An approach, he noted, that New Hampshire had taken.
Putting It Into Practice: This is the first time that a governor has pushed back on one of the US state comprehensive privacy laws. It is likely that the law will be revised to be more in line with other states’ privacy laws. (And, it may retain the July 1, 2025 effective date.)