Despite years of encouragement from people and organizations all across the country, Congress has still not passed a federal preemptive data privacy law. As time goes on, states are filling the gap by passing their own laws, configuring a fragmented and confusing set of privacy regulations that leave residents of different states protected in different ways.
State privacy laws in Connecticut and Colorado officially went into effect on July 1, 2023, making them the newest additions to the patchwork of data privacy laws being implemented across the country. They join California, Virginia, and Nevada on the list of states with privacy laws in effect – a list which is only getting longer with time.
The mixture of laws creates many negative consequences for consumers and businesses alike. Not only does it cause confusion when operating in different states, it opens the door for unequal safeguards for Americans based on where they choose to live or conduct business.
Connecticut and Colorado are not the last states to enact these laws. Utah has finalized their privacy law, which will go into effect in December 2023. In addition, eight new states have passed or are in the process of passing data privacy legislation this year, including Delaware, Florida, Indiana, Iowa, Montana, Oregon, Texas, and Tennessee. Privacy bills have also been introduced in New York, Massachusetts, New Jersey, and several other states.
The discrepancies between laws can present in many forms, including varying privacy policy and notice requirements, approaches to sensitive data and data associated with children and minors, approaches to pseudonymous data, and more. For example, while Iowa’s law permits residents to make the choice to opt out of sensitive data processing, Indiana’s law mandates opt-in consent before sensitive data can be processed at all. It has been encouraging to see the majority of states adopt the same definition and opt-out approach for “targeted advertising,” allowing some alignment across state lines.
With effective dates ranging from July 2024 to January 2026, the elaborate patchwork that has begun to form is growing in both size and complexity before our own eyes.
The United States needs one federal, preemptive law to help guide businesses and consumers, and to create protective data privacy procedures. A confusing mixture of frameworks based on lines on a map will make an already complex topic even more intricate.
Privacy for America’s Principles for Privacy Legislation would help ensure the protection of consumers across the entire country and make privacy practices simpler and consistent for both consumers and businesses. Our framework for a preemptive federal law is the best solution to protecting all Americans from harmful data practices while preserving the responsible use of data that drives innovation and economic growth.
Learn more about our federal proposal here: https://www.privacyforamerica.com/overview/principles-for-privacy-legislation/