Didomi enables you to build consent notices compliant with Virginia Consumer Data Protection Act (VCDPA). The VCDPA features particular requirements that must be included in your notice,
- Vendors processing Sensitive Personal Information (SPI) must be displayed
- Purposes have to be grouped into pre-defined categories
- Global Privacy Control (GPC) must be taken into consideration
The following steps show you how to properly configure VCDPA on your notice.
⚠️ The IAB TCF framework does not apply to VCDPA regulation. It is only valid for GDPR.
⚠️ For now, only the English language is supported for VCDPA.
✅ Add SPI to your vendors
Sensitive Personal Information (SPI) is defined as personal information that is not publicly available, and which reveals information related to:
- Racial or Ethnic Origin,
- Religious Beliefs,
- Mental or Physical Health Diagnosis,
- Sexual life or Orientation,
- Citizenship or Citizenship status,
- Genetic data that may be processed for the purpose of uniquely identifying an individual,
- Biometric data that may be processed for the purpose of uniquely identifying an individual,
- Information of Known Child
You can include Sensitive Personal Information (SPI) in the Purposes section of your Data Manager and assign it to a Vendor when editing their details. SPI can be managed within the notice like any other purpose, allowing you to use all purpose-related features.
✅ Configure your VCDPA notice
To create your VCDPA notice, follow these steps:
- Go to Consent notices and choose Edit Notice.
- In the Regulations tab of step 1. Regulations, select VCDPA from the list of regulations (additional several regulations can be selected, since Didomi supports multiple regulations).
- Click on Edit Vendors & Purposes.
- Select the vendors to be added to your VCDPA notice. To create custom vendors, click on Add a new vendor.
- Scroll down to the Purposes section. The purposes associated with the selected vendors appear below the three default CPRA categories. You can choose to keep these default categories, edit or delete them.
- Click on Add category to create your custom category.
- Define the name of your category, the button labels for the Agree and Disagree action on your category.
- Drag and drop your purposes into your categories.
- Save.
- You can now proceed to configure further notice parameters in step 2. Customization, before publishing in step 3. Publish.
- Don't forget to fill in specific VCDPA parameters for each step (Look & feel, Content editor, and Integrations, especially).
- You can see live previews of your VCDPA notice, including all VCDPA-specific parameters.
For now, only the English language is supported for VCDPA notices.
✅ This is how your VCDPA notice will look:
- 1st layer - When SPIs are not defined
- 1st layer - When SPIs are present
- Partners layer
✅ GPC signal
Global Privacy Control (GCP) is a privacy signal supported by several browsers for users to specify at the browser level that they do not want their data to be processed (more details about GPC and supported browsers available in GPC specifications).
Didomi VCDPA notices support GPC automatically.
As soon as the signal is detected, your VCDPA notice is adjusted to respect the user choice via GPC:
- A "GPC signal detected" icon is displayed in the notice.
- All personal information will be set to Do not sell / Do not share.
- Instead of Agree and Close there will be a Close button.
There is no option yet to enable or disable GPC from the console. It is automatically supported.