Ohio is considering a data privacy law that would allow consumers to see and delete data that companies keep on them.
The Ohio Personal Privacy Act (House Bill 376), sponsored by Rep. Rick Carfagna, (R-Genoa Township) and Thomas Hall, (R-Madison Twp) would create a consumer bill of rights that includes the right to see the data a company has collected, the right to correct or delete that data, the right to opt out of their data being sold, and the right to bring complaints to Ohio’s attorney general. The law does not include a private right of action.
It’s that last right that’s most noteworthy, as several other state bills–including Florida’s CCPA-lookalike–have died before becoming law due to pushback on a private right of action.
The Columbus Dispatch reports that the law would only apply to companies with sales above $25 million in Ohio, or ones that keep records on more than 100,000 consumers, something that Ohio’s Lt. Gov. Jon Husted says sets it apart from California’s law. The bill, should it become law, would also grant exemptions to federally regulated businesses like banks, credit unions, and doctor’s offices.
House Bill 376 highlights some interesting trends in the U.S. data privacy landscape. The fact that it lacks a private right of action nods to the fact that many legislators may try to push through data privacy bills that can pass, but that doesn’t leave consumers with as many protections. Underscoring this is the lack of cybersecurity regulations laid out in laws like CCPA.
If the Ohio Personal Privacy Act passes, it could help to create a second tier of consumer protections. It could even encourage data-intensive companies to locate businesses in “data sale friendly” states.