Virginia Bans Sale of Geolocation Data
Privacy & Cybersecurity Law Blog
Global Privacy and Cybersecurity Law Updates and Analysis
Home
Insights
Blogs
Virginia Bans Sale of Geolocation Data
Time
1 Minute Read<br>April 16, 2026
Categories: U.S. State Law<br>On April 13, 2026, Virginia Governor Abigail Spanberger signed into law S.B. 388, which amends the Virginia Consumer Data Protection Act (“VCDPA”) to prohibit the sale of geolocation data. Notably, the VCDPA defines “sale” more narrowly than other state comprehensive privacy laws, as “the exchange of personal data for monetary consideration by the controller to a third party.”
The ban on the sale of geolocation data goes into effect on July 1, 2026.
Virginia follows Maryland and Oregon in banning the sale of geolocation data. Both Maryland and Oregon more broadly define “sale” to mean the exchange of personal data “for monetary or other valuable consideration.” Virginia joins several other states that have recently proposed legislation with similar bans, including California, Massachusetts, Vermont and Washington State. The legislative activity follows regulatory scrutiny on the sale of geolocation data, including the California Attorney General’s investigation into the location data industry in March 2025, and a 2024 FTC settlement banning a data broker from selling geolocation data.
Tags: Consumer Protection, Geolocation Data, Legislation, Virginia
Twitter/X
Search
Category
- All -
Behavioral Advertising<br>Centre for Information Policy Leadership<br>Children’s Privacy<br>Cyber Insurance<br>Cybersecurity<br>Enforcement<br>European Union<br>Events<br>FCRA<br>Financial Privacy<br>General<br>Health Privacy<br>Identity Theft<br>Information Security<br>International<br>Marketing<br>Multimedia Resources<br>Online Privacy<br>Security Breach<br>U.S. Federal Law<br>U.S. State Law<br>Workplace Privacy
Tag
- All -
Aaron P. Simpson<br>Accountability<br>Adequacy<br>Advertisement<br>Advertising<br>Age Appropriate Design Code<br>Age Verification<br>Alabama<br>American Privacy Rights Act<br>Anna Pateraki<br>Anonymization<br>Anti-terrorism<br>APEC<br>Apple Inc.<br>Argentina<br>Arkansas<br>Article 29 Working Party<br>Artificial Intelligence (AI)<br>Attorney General<br>Audit<br>Australia<br>Austria<br>Automated Decisionmaking<br>Baltimore<br>Bankruptcy<br>Belgium<br>Biden Administration<br>Big Data<br>Binding Corporate Rules<br>Biometric Data<br>Blockchain<br>Bojana Bellamy<br>Brazil<br>Brexit<br>British Columbia<br>Brittany Bacon<br>Brussels<br>Business Associate Agreement<br>BYOD<br>California<br>CalPrivacy<br>CAN-SPAM<br>Canada<br>Cayman Islands<br>CCPA<br>CCTV<br>Centre for Information Policy Leadership (CIPL)<br>Chatbot<br>Chile<br>China<br>Chinese Taipei<br>Christopher Graham<br>CIPA<br>Class Action<br>Clinical Trial<br>Cloud<br>Cloud Computing<br>CNIL<br>Colombia<br>Colorado<br>Committee on Foreign Investment in the United States<br>Commodity Futures Trading Commission<br>Compliance<br>Computer Fraud and Abuse Act<br>Congress<br>Connecticut<br>Consent<br>Consent Order<br>Consumer Protection<br>Consumer Rights<br>Cookies<br>COPPA<br>Coronavirus/COVID-19<br>Council of Europe<br>Council of the European Union<br>Court of Justice of the European Union<br>CPPA<br>CPRA<br>Credit Monitoring<br>Credit Report<br>Criminal Law<br>Critical Infrastructure<br>Croatia<br>Cross-Border Data Flow<br>Cross-Border Data Transfer<br>Cyber Attack<br>Cybersecurity<br>Cybersecurity and Infrastructure Security Agency<br>Data Breach<br>Data Brokers<br>Data Controller<br>Data Localization<br>Data Minimization<br>Data Privacy Framework<br>Data Processor<br>Data Protection Act<br>Data Protection Authority<br>Data Protection Impact Assessment<br>Data Protection Officer<br>Data Security<br>Data Transfer<br>David Dumont<br>David Vladeck<br>Deceptive Trade Practices<br>Delaware<br>Denmark<br>Department of Commerce<br>Department of Defense<br>Department of Health and Human Services<br>Department of Homeland Security (DHS)<br>Department of Justice<br>Department of the Treasury<br>Design<br>Digital Markets Act<br>District of Columbia<br>Do Not Call<br>Do Not Track<br>Dobbs<br>Dodd-Frank Act<br>DORA<br>DPIA<br>E-Privacy<br>E-Privacy Directive<br>Ecuador<br>Ed Tech<br>Edith Ramirez<br>Electronic Communications Privacy Act<br>Electronic Privacy Information Center<br>Electronic Protected Health Information<br>Elizabeth Denham<br>Email<br>Employee Monitoring<br>Encryption<br>ENISA<br>EU Data Protection Directive<br>EU Member States<br>European Commission<br>European Data Protection Board<br>European Data Protection Supervisor<br>European Parliament<br>Facebook<br>Facial Recognition Technology<br>FACTA<br>Fair Credit Reporting Act<br>Fair Information Practice Principles<br>Federal Aviation Administration<br>Federal Bureau of Investigation<br>Federal Communications Commission<br>Federal Data Protection Act<br>Federal Trade Commission<br>FERC<br>Financial Data<br>FinTech<br>Florida<br>Food and Drug Administration<br>Foreign Intelligence Surveillance Act<br>France<br>Franchise<br>Fred Cate<br>Freedom of Information Act<br>Freedom of Speech<br>Fundamental Rights<br>GDPR<br>Genetic Data<br>Geofencing<br>Geolocation<br>Geolocation Data<br>Georgia<br>Germany<br>Global Privacy Assembly<br>Global Privacy Enforcement Network<br>Google<br>Gramm Leach Bliley Act<br>Grok<br>Hacker<br>Hawaii<br>Health Data<br>HIPAA<br>HITECH Act<br>Hong Kong<br>House of...