201909.130

Will the United States Enact a Federal Law on Privacy?

By Alex Rainville

With corporate giants like Amazon, IBM, Citigroup, and 48 others pushing for federal legislation on privacy, will the United States Congress act? In a letter to Congress, dated September 10, 2019, these corporate giants are pushing for a “comprehensive consumer data privacy law” that will stabilize the myriad of state rules.

In the absence of federal legislation, individual states have taken the responsibility for legislating consumer privacy and data security standards. In fact, Alabama was the last to enact such a law, and that law has been in effect since June 1, 2018. However, most individuals are unaware of their rights and, importantly, most businesses are unsure of how, or are simply unable, to comply with many of the state laws. Even the much-publicized California Consumer Privacy Act (“CCPA”) remains a challenge for businesses to comply with, and many businesses remain unaware that they are subject to this rules even though they reside outside of California.

This push for federal privacy legislation comes on the heels of the European Union enacting and implementing the General Data Protection Regulation, which ushered in an unprecedented level of privacy measures for European Union Data Subjects and regulatory burdens for data controllers and processors. Will the US Congress follow suit and implement a federal data privacy law? Only time will tell, but businesses should be prepared to comply with each state rule, as enforcement and fines for failure to comply have started to hit US companies of all size.