Indiana Advances Towards New Data Privacy Legislation
Written on
Overview of Indiana's Data Privacy Landscape
Recent developments in Indiana suggest that data privacy regulations may soon take a more prominent role in the state. The Indiana Senate Commerce & Technology Committee has recently approved Senate Bill 5 (SB 5), which aims to bolster consumer data protection.
A Look Back: Indiana's Previous Efforts
This isn't Indiana's first effort to introduce statewide data privacy laws. In 2022, Senate Bill 358, inspired by the European General Data Protection Regulation (GDPR), was swiftly passed by the Indiana Senate but ultimately failed in the House due to concerns about its implications for social media regulation.
Despite this setback, Representative Brown (R), who authored both the original and the new bill, persisted and made necessary revisions to bring forth a new proposal in 2023.
The Framework of SB 5: A Shift in Approach
The demise of SB 358 paved the way for the enhanced SB 5. Rather than following the GDPR model, the new Consumer Protection Act takes cues from the Virginia Consumer Protection Act.
SB 5 grants consumers several rights, including the ability to correct their personal information, the option to opt-out of specific data collections, and the right to request the deletion of their personal data. Additionally, the bill establishes requirements for data controllers, including conditions under which consent is necessary.
Crucially, SB 5 offers a clear definition of personal data, stating that it encompasses information that is "linked or reasonably linkable to an identified or identifiable individual," while excluding data that is already public.
Future Outlook and Expectations
The advancements in data privacy legislation are thrilling for advocates, but what comes next? Following the committee's approval, SB 5 will be presented to the Senate. If it passes, it will then proceed to the Indiana House of Representatives for further modifications and voting.
There are encouraging signs for the 2023 bill's success. The General Assembly has had ample time to review the bill since its previous failure and has observed similar laws being enacted in other states.
Moreover, the decision to model the bill after Virginia, rather than the GDPR or the California Privacy Rights Act (CPRA), may signal a favorable outcome. The Virginia model is seen as business-friendly, as it does not grant individuals the right to private action and applies only to businesses that meet specific thresholds.
Will Indiana be the next state to implement comprehensive data privacy legislation? Only time will reveal the answer. For now, all eyes are on the Senate!
If you or someone you know wants to learn more about the implications of the Indiana Consumer Protection Act, feel free to reach out to the author, Maddie San Jose.