Ohio Introduces CCPA-like Data Privacy Legislation
Ohio is the most recent US state to consider a comprehensive consumer data privacy regulation for its citizens. Should the Ohio Personal Privacy Act (“OPPA”) pass, it will follow California, Virginia and Colorado in improving its state privacy laws related to consumer rights.
What organizations will be in scope?
OPPA would affect businesses in Ohio or businesses that collect data from consumers in Ohio if they exceed one of the following thresholds:
- at least $25 million in gross revenue;
- has 100,000 customers;
- earns more than 50% of its revenue from the sale of personal data and processes; or
- controls personal data of 25,000 or more consumers.
Like CCPA, this is an “or” test, meaning that if only one threshold is exceeded, then the business is in scope. OPPA provides exceptions for certain business and institutions, which include universities, B2B transactions, or covered entities under HIPAA or GLBA.
What rights are granted by OPPA?
- to ask companies what personal data they’ve collected;
- to request corrections to the personal data collected;
- to request that data be deleted subject to exceptions; and
- to request that companies stop selling their personal data.
If a consumer restricts a company’s access to their data, can that company increase prices?
No. OPPA specifically prohibits businesses from modifying the price of its products against consumers who exercise any of the above rights, as this would be deemed to be a discriminatory practice. Businesses must have legitimate business reasons for any differences in prices or ranges.
What are the penalties for OPPA violations?
Unlike CCPA, OPPA does not provide for a private right of action. However, consumers may make a complaint to the Attorney General’s Office who may seek civil penalties of up to $5,000 for each violation of OPPA. Although such penalties could be severe, the OPPA provides a 30-day cure period prior to the initiation of an action by the OAG.
When does OPPA go into effect?
That’s an open question; the Ohio legislature would first need to vote to approve the legislation, then the governor would need to sign it into law.
How Can Clym Help?
Clym believes in striking a balance between legal compliance and business needs, which is why we provide a cost-effective, scalable and flexible platform to comply with LGPD, GDPR, CCPA and other laws, including those in the UK, as they come online. Our platform provides consumers with an effective and easy-to-navigate way to opt-out of data collection while not infringing upon the website UI that businesses rely on to drive revenues. Contact us today about how your company can implement Clym to help manage your data privacy regulation compliance from a global perspective.