The not-yet United States of data privacy, 1 year after GDPR

May 22 14:13 2019 Print This Article

Fewer than 20 states have a data privacy bill in the works, with many breathing their last breaths in committee, dying before making it to the governors’ desks.

One year in, GDPR-like legislation is crawling through state governments. Year two shows no indication regulations will be up and running.

States are beginning their data privacy legislation journeys and while California has forged a path, it’s one less traveled. Fewer than 20 states have a data privacy bill in the works, with many breathing their last breaths in committee, dying before making it to the governors’ desks.

“GDPR wasn’t informing the debate. GDPR informed the attitude of the companies that understood they had to deal with privacy,” said California Senator Robert Hertzberg, D, in an interview with CIO Dive. Hertzberg helped pass the California Consumer Privacy Act (CCPA) last year.

Companies have created an imbalance between themselves and consumers. The extreme examples of data collection and unsolicited use of it include Google’s search engine and Facebook’s social platform, fueled by consumers offering data in exchange for services.

This often is less of a business transaction and more of bait and switch.

Bartering personally identifiable information for a free service is “not a fair bargain for exchange anymore,” said Hertzberg. “I’m a pretty moderate person but it’s at the point where we do need to intervene.”

Lawmakers recognize they have to act because data privacy, at its core, is focused on consumer protection. However, there is substantial disagreement about how far data privacy legislation should go, so much so lawmakers are “on the verge of doing nothing,” said Texas Representative Giovanni Capriglione, R, in an interview with CIO. Capriglione championed the Texas Privacy Protection Act (TPPA), though it’s yet to pass.

At this point, Hertzberg and Capriglione have little expectation for a federal data privacy law, putting pressure on state governments to step up.

“I don’t think there’s any reason to wait for the federal government,” said Capriglione.

Which states are in the game
The United States is far behind the EU in creating a holistic federal data privacy law and state legislation is moving at a crawl.

Lawmakers are always “hesitant to do anything without perfect legislation,” said Mitchell Noordyke, Westin fellow for the International Association of Privacy Professionals (IAPP), in an interview with CIO Dive.

The avenue for a law to get passed is to have “enough parties in one state being comfortable with merely good legislation, not perfect legislation,” said Noordyke.

There are 14 states with either passed, pending or dead data privacy laws, refined by preferences and political parties.

The original article was posted here: https://www.ciodive.com/news/the-not-yet-united-states-of-data-privacy-1-year-after-gdpr/554957/

  Article "tagged" as:
  Categories:
view more articles

About Article Author

GDPR Associates
GDPR Associates

View More Articles
write a comment

0 Comments

No Comments Yet!

You can be the one to start a conversation.

Add a Comment