In May of 2018, the European Union enacted the General Data Protection Rules, or GDPR, a legal framework that outlines not only how companies may collect and process personal information of EU residents, but how that data is stored and used. Since its enactment, GDPR has triggered a global push towards compliance with those standards. In the United States, there presently is no such national standard. However, California has enacted a law that has strong resemblances to GDPR, called the California Consumer Protection Act (CCPA), for which regulations go into effect in January 2020.
The concern, of course, is that instead of one federal standard, the CCPA could represent the beginning of a patchwork of state privacy laws that will make it more difficult for companies and consumers to understand their rights and to ensure compliance. The U.S. Senate’s Commerce Committee has been debating two proposed federal privacy statutes, one led by Senator Roger Wicker, R-Mississippi, who is the committee’s present chair, and the other proposal is being led by Senator Maria Cantwell, D-Wash., who is the committee’s ranking minority member. While there are significant differences in philosophy and breadth of the proposed legislations, all parties agree that federal privacy legislation is needed now.
While there is cause for optimism regarding the overall momentum, there are three main areas that keep the competing drafts of legislation from coming together to form a final bill, along with a myriad of smaller issues that have been debated as well. Those three areas are the idea of a private right of action, the possible preemption of state laws, and enforcement of the law. Continue Reading