Pennsylvania lawmakers consider data privacy bill

Lawmakers in Pennsylvania began discussing a data privacy bill that would allow consumers to opt out of having their data collected online.
Pennsylvania capitol building
(Getty Images)

Lawmakers in Pennsylvania this week began considering a data privacy bill that would allow consumers in the state to opt out of having their data collected online.

The Consumer Data Privacy Act, or House Bill 1201, was introduced in May and was heard during an informational session on Wednesday in the House Commerce Committee. It would require businesses in the commonwealth to create a path for consumers to opt out of having some of their data processed. Pennsylvanians would also have the option to delete the personal data collected by a business and make complaints to the attorney general, who is tasked with enforcement of the law.

Other data privacy rights the bill would codify for consumers include the right to confirm whether a business is processing or accessing their data, to correct inaccuracies in their personal data and to access to a copy of their personal data.

Businesses that would be subject to the law include those that do business in the commonwealth and meet any of three thresholds: has an annual gross revenues exceeding $10 million; deals commercially with the personal information of at least 50,000 consumers, households or devices; or derives at least 50% of annual revenues from selling consumers’ personal information.


Pennsylvania joins four other states — Delaware, Massachusetts, New Jersey and North Carolina — that are considering data privacy legislation this year. Another 11 states have already enacted similar “comprehensive” data privacy bills.

Wednesday’s House Commerce Committee informational session on the data privacy bill saw lobbyists from Microsoft and the Pennsylvania Retailers Association testify in support of the bill, City & State Pennsylvania reported.

One point of praise for the bill was its lack of a private right of action, which allows individuals to bring civil action against companies found violating the law. Like other comprehensive data privacy laws in states such as Virginia and Tennessee, Pennsylvania’s data privacy bill leaves the law’s enforcement up to the attorney general. This architecture was commended by several who testified on Wednesday, City & State reported.

However, concerns about the bill’s potential redundancy arose from Pennsylvania Insurance Federation, a trade association representing insurance companies.

“The insurance commissioner already has the authority to do what you’re saying the attorney general should do in this bill,” Timothy Knapp, general counsel to the Pennsylvania Insurance Federation, said during the session, according to City & State. “So right now, if an insurance company has a data security issue, what we’re doing is, we’re going to the insurance commissioner – to our regulator – who regulates our industry.”


In a March memoranda prior to bill’s introduction, the HB 1201’s prime sponsor, state Rep. Ed Neilson said that consumers have a right to data privacy and to know how their information is being used online.

“In the near future, I intend to reintroduce legislation that gives consumers rights when it comes to their personal data and requires certain businesses to protect consumer privacy and limit the collection of consumer data,” Neilson said in March.

Keely Quinlan

Written by Keely Quinlan

Keely Quinlan reports on privacy and digital government for StateScoop. She was an investigative news reporter with Clarksville Now in Tennessee, where she resides, and her coverage included local crimes, courts, public education and public health. Her work has appeared in Teen Vogue, Stereogum and other outlets. She earned her bachelor’s in journalism and master’s in social and cultural analysis from New York University.

Latest Podcasts