Here are the different ways 11 states are handling consumer data privacy laws.
Nevada
- SB 220
- Status: Signed
Where some states are reaching further into people’s lives in order to extend privacy rights, Nevada’s consumer privacy law, signed into law in 2019, is a bit more reserved. Consumers may request the removal of their information from company data, and companies must comply within 60 days. There’s a wrinkle, though: The companies must have actual plans to sell that data in order to be subject to the law. This could lead to workarounds or loopholes where companies do things like “trade” rather than sell data.
Gorodenkoff // Shutterstock
Ohio
- SB 376: Ohio Personal Privacy Act
- Status: Introduced
Ohio’s consumer protection law, introduced in July 2021, affords consumers the opportunity to access and even request deletion of their personal data from applicable companies. They may also opt out of the sale of their data altogether. However, there are many exemptions and exceptions in this law. For example, business-to-business (B2B) transactions are not subject to the law—ironic since this is where many data sales take place.
Rudy Balasko // Shutterstock
Pennsylvania
- HB 1126
- Status: In committee
Under Pennsylvania’s proposed consumer privacy law, consumers would be given certain rights as far as disclosure and approval of what happens to their data. The law also makes the state attorney general responsible for enforcing the law, meaning consumers would be able to sue in civil court and potentially cause companies to be fined for violating the law. The passage of this kind of law typically leads to a huge increase in lawsuits that could start immediately upon the bill’s adoption.
Lawmakers of both parties are eyeing legislation that would advance federal data privacy as well as measures that would address children’s online privacy.
