When lawmakers in Ohio introduced a proposal last year for a state-level privacy law, it was joining a chorus of US states that were updating their laws for greater data privacy rights.
The Ohio Personal Privacy Act is just one of the latest examples of a US state taking action on digital privacy rights and revamping their law books to reflect the modern day.
It is a wave that kickstarted with California and the California Privacy Rights Act in 2020 – which was an update on the previous law, the CCPA – which aimed to shore up protections for people and their data. The law, often dubbed a US GDPR, took many cues from its European counterpart around how data should be handled and breaches reported while introducing a host of new measures that businesses needed to comply with.
The CPRA is limited to California and whatever final form Ohio’s law takes will be within its state lines, but their reach has been wide as more states look to bolster protections for consumers and their personal information.
For advocates of greater data privacy protections, this has been a welcome development but the slew of states in the US that have followed suit have not adhered to a single template.
Laws have been passed or proposed in Colorado, Virginia and New York, each with their own tweaks and nuances. It means that the changing landscape of data protection is anything but linear and is only going to be a continuous challenge.