A New Digital Age: Why COVID-19 Necessitates Preemptive Federal Action To Regulate Data Privacy
Volume 94, Online
By Jason Hirsch [PDF]

In the United States, data privacy protections are largely regulated at the state level. While only California, Nevada, and Maine have passed data privacy laws, a majority of states have introduced data privacy legislation. A state-by-state regulatory system would be extremely costly for multistate corporations forced to comply with potentially fifty unique data privacy laws. In response to this concern, there is proposed federal legislation that would at least partially preempt state laws and provide the country with a uniform system of data privacy regulations. If a federal data privacy law were enacted, it would provide significant cost savings for companies and eliminate the potential of inequitable protections between Americans residing in different states.

Unfortunately, deep partisan divides in Congress have prevented meaningful action toward adopting a federal data privacy law. Since 2019, Congress has introduced a variety of bills that would govern the use of private data. While the protections within each bill are substantively similar, there are nonnegotiable partisan differences in how each bill structures the scope of preemption, private right of action, and method of enforcement. Ultimately, these disputes stalled efforts to enact a bill before 2021.