The European Union launched GDPR in 2018, immediately casting the U.S. to the also-ran position when it comes to protecting consumer data rights.
Since GDPR went into effect, only California has successfully passed a comprehensive data privacy law. Just 14 states formally introduced a data privacy law and if it were up to big tech, the fewer the states, the better.
Companies are holding out for a federal privacy law, and for good reason. A federal data privacy law would streamline compliance across the 50 states and its territories. It would also allow companies to lobby on Capitol Hill.
A successful data privacy law allows for adequate consumer protection without stifling industry innovations; compliant companies should be able to answer these questions:
- How is consumer data collected and used?
- How is the data stored?
- What are a company's ethics in terms of data collection?
- What is the process for copying or deleting data upon verifiable request from consumers?
Here, CIO Dive tracks the states pursuing data privacy laws. For each state, there is a brief description of the law's requirements, its status and a link to the original law.
CIO Dive will mark a bill as "passed" if it clears legislative hurdles without significant modifications that detract from its intent as comprehensive data privacy legislation.
Want to know when a new state data privacy law is passed? Sign up for our newsletter to get an updated version of this tracker when a law surfaces. Have a question or comment? Email us.