Steer clear of US consumer data privacy law misconduct

Itzhak Assaraf is Chief Technology Officer and cofounder of 1touch.io, based in New York City.

Data privacy laws started trending with the European Union’s General Data Protection Regulation (GDPR) and continued with the California Consumer Privacy Act[1] (CCPA)—which will eventually become the California Privacy Rights Act (CPRA) in 2023—and has expanded worldwide. All-encompassing consumer data privacy laws are now in the works, or have recently been passed, in India, Indonesia, South Africa, New Zealand, Malaysia, Tanzania, and many more countries across the globe.

In the US, there has also been a shift toward consumer data privacy, with the implementation of several state laws now underway. And though CCPA gets the lion’s share of the press due to its depth and breadth of applications, it is not the only state-level consumer data privacy regulation on the books. Maine and Nevada have also recently enacted state-level laws that put the brakes on consumer data-sharing practices. Though both are far more limited in scope than the far-reaching CCPA, this represents commendable momentum in the shift toward a privacy-by-design approach to how consumer data are handled.

There are only three laws currently on the books, and another 10–12 are in some stage of the legislative process. We can expect this number to rise as additional states begin to recognize that consumers across the country now expect businesses to correct data privacy sins of the past and become transparent in their collection and sharing practices. This means that, within a few years, we can reasonably expect to see upwards of 10–15 state-level regulations on the books.

That is a whole lot of laws to adhere to simultaneously. Here we will outline the current and proposed consumer data privacy laws to understand where they overlap and where they diverge. By seeing what they have in common, we can get a baseline understanding of the most important elements of any consumer data privacy initiative.

This document is only available to members. Please log in or become a member.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field