Consumer privacy regulation progresses at the state level

Photo (c) ipopba - Getty Images

As far as country-wide legislation, that might take a while longer

While Facebook sits and waits for the fine it’ll likely have to pay for failure to protect its users’ privacy, some U.S. states are already on the job creating tighter consumer data privacy legislation.

Already this year, more than half the states have broached the subject in new legislation covering a gamut of privacy-focused laws. In ConsumerAffairs’ audit, we found proposed laws ranging from preventing disclosing location data from a mobile phone without the consent of the customer to requiring manufacturers of smart speakers (like Amazon Alexa) to obtain signed written permission from users before storing voice recordings or transmitting.

Leading the way is California, where regulators passed new consumer privacy protections in 2018. Already this year, two states, Nevada and Maine, have joined California’s crusade by passing new privacy protections for consumers of their own.

But, for many states, the gauntlet California threw down is costly and complex, to the extent that companies are struggling to mimic California’s requirements. Arizona, Kentucky, Connecticut, Maryland, and Mississippi all had privacy bills introduced, but they never made it past the legislative incubator.

To be or not to be is the bigger question for the U.S.

Despite Europe leading the way with General Data Protection Regulation (GDPR), and research proving that the desire of a U.S.-wide consumer privacy law is something consumers want, getting to that point may take a while. A country-wide initiative has some support from the likes of Apple CEO Tim Cook and others, but it seems to be all talk at the moment.

Complicating the debate on the federal level? As you might imagine, it’s the typical lost-in-committee rabbit holes, how things are defined, who’s in charge, and the issue of enforcement.

“A U.S. federal privacy law will be much discussed but not passed,” projects Chris Babel, CEO of privacy compliance firm TrustArc.

“The trade deal replacing the North American Free Trade Agreement (NAFTA) and the United States-Mexico-Canada Agreement (USMCA) will drive new discussions around cross-border data sharing between the U.S., Canada, and Mexico. A handful more states in the U.S. will seek to adopt state privacy laws such as the California Consumer Privacy Act, and 2-3 states will pass one. The EU will agree upon and issue standards for GDPR certification, creating another rush to comply with the standard. The multitude of country-specific privacy laws in Asia will continue to increase and splinter across the region.”

Take an Identity Theft Quiz. Get matched with an Authorized Partner.