New Vermont Data Privacy Laws Empower Consumers to Delete Personal Information

On June 16, 2026, Vermont Governor Phil Scott officially signed into law two monumental pieces of consumer protection legislation: H.211, targeting data brokers, and S.71, the Vermont Data Privacy and Online Surveillance Act. Together, these legislative pillars represent one of the most aggressive defenses of consumer sovereignty over digital footprints in the United States. By targeting both the commercial data brokers who buy, package, and resell personal tracking details and the online entities that collect user footprints at the interface level, Vermont has created a dual-action mechanism for digital anonymity. For citizens and businesses alike, the signing of these bills marks a watershed moment, shifting the balance of power from multi-billion-dollar data merchants back to the individual. In an era where digital profiling has become ubiquitous, the enforcement of robust data privacy laws serves as a vital safeguard for personal autonomy, setting a precedent that other state and federal bodies will find difficult to ignore.

From the Veto of H.121 to a Workable Compromise on Data Privacy Laws

The enactment of Vermont’s new data privacy laws did not happen in a vacuum. It was forged in the fires of a multi-year legislative struggle. In June 2024, Governor Phil Scott vetoed a highly anticipated and sweeping consumer privacy bill known as H.121. That failed legislation had garnered near-unanimous legislative support, but its inclusion of a “private right of action” (PRA) made it a target for heavy lobbying from technology and national retail groups. Governor Scott returned H.121 without signature, citing concerns that a private right of action would make Vermont a hostile outlier for mid-sized employers and non-profits, opening the floodgates to expensive, frivolous litigation. Furthermore, Scott questioned the “Kids Code” provisions in H.121 due to outstanding constitutional challenges faced by similar laws in California.

Recognizing the Governor’s firm stance, Vermont legislators spent the subsequent legislative sessions recalibrating their strategy. The resulting compromise in 2026 split the data privacy framework into two targeted instruments. First, S.71 was designed to closely mirror the consumer-controller framework of the Connecticut Data Privacy Act—a corporate compliance model preferred by regional businesses—while completely stripping the contentious private right of action. Second, H.211 focused directly on the registry of data brokers, fortifying a first-in-the-nation registry system established by Vermont in 2018. This bifurcated approach successfully addressed Governor Scott’s business-risk concerns while preserving core consumer protections, paving the way for the historic June 16, 2026 signing