In May 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect, imposing broad, stringent standards for protecting personal information in digital and traditional formats. In contrast to the GDPR, data privacy in the United States is governed by a patchwork of laws that differ across industries and across states. Increasingly, however, lawmakers, citizens, and industry leaders have advocated for a federal law that will provide clear, uniform standards.
On February 27, 2019, the U.S. Senate Committee on Commerce, Science, and Transportation (the Committee) conducted a hearing on “Policy Principles for a Federal Data Privacy Framework” to begin the work of creating a proposed federal data protection framework that would balance privacy concerns of consumers and the economic and logistical concerns of industry. The testimony received by the Committee emphasized the necessity for transparency and consumer choice about what information is collected and how it is used and shared. The witnesses also focused on the importance of consumer trust as it relates to a robust economy. It is undeniable that the internet impacts a significant and growing segment of the U.S. economy and in order to sustain robust economic activity, consumers must be able to utilize internet-based services with confidence.
A federal privacy law would fundamentally change the information security landscape in the United States. As federal lawmakers introduce and debate proposed legislation, it remains to be seen how broadly consumer rights will be defined and how forcefully Congress and the implementing agencies will enforce new protections.