Digital Policy Alert logo

United States of America: Introduction of Pennsylvania Consumer Data Privacy Act (H.B. 2202)

Policy overview

Description

Introduction of Pennsylvania Consumer Data Privacy Act (H.B. 2202)

On 13 December 2021, the Pennsylvania Consumer Data Privacy Act was introduced. The Bill introduces the rights to access, rectify, and delete personal data owned by a controller. Moreover, the Bill introduces the right to data portability and to opt-out from a controller's data processing related to targeted advertising, personal data sale or profiling activities having legal effects. Finally, the Bill requires every data controller to obtain the explicit concern of users when they process sensitive personal data and to adopt security measures to protect stored data. The Act would be enforced by the Attorney General.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
subnational
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

Hide details
2021-12-13
under deliberation

On 13 December 2021, the Pennsylvania Consumer Data Privacy Act was introduced. The Bill introduc…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type Any
Economic activity online advertising provider
Category All
2
Type Any
Economic activity cross-cutting
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): data collection
Regulatory tool
User or public reporting requirement
Sanctions
Civil penalty
Regulated subjects
2
personal data (all forms): data processing
Regulatory tool
User consent: Permit user opt-out
Sanctions
Regulated subjects
1
Regulatory tool
User right to portability of personal data
User right to rectification of personal data
User right to access personal data
User right to deletion of personal data
User or public reporting requirement
Sanctions
Civil penalty
Regulated subjects
2
personal data (all forms): storage (any form)
Regulatory tool
User right to portability of personal data
User right to rectification of personal data
User right to access personal data
User right to deletion of personal data
User or public reporting requirement
Duty of care requirement
Sanctions
Civil penalty
Regulated subjects
2
personal data (all forms): sale
Regulatory tool
User or public reporting requirement
Sanctions
Civil penalty
Regulated subjects
2
Regulatory tool
User consent: Permit user opt-out
Sanctions
Regulated subjects
1

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.

personal data (all forms): data collection

personal data (all forms): data processing

personal data (all forms): storage (any form)

personal data (all forms): sale