For better or worse, the United States is an outlier across many global metrics, and its approach to consumer privacy is no exception. While most nations are in the process of enacting or strengthening federal privacy laws, the United States is set to become one of the few major global economies without federal online privacy protection. For consumers whose personal information is frequently blatantly abused, this situation needs to change.
Fortunately, in 2021, we are likely to see the first significant push toward a true federal data privacy law in our nation's history. While the adoption of the GDPR in the European Union, the world's largest trading bloc, in 2016 may have made a US equivalent historically inevitable, this push is also driven by tailwinds coming from the state level.
Over the past year, privacy legislation achieved widespread political and public support in a diverse range of states. In California, the most populous state by far, the California Privacy Rights Act's (CPRA) landslide victory in November highlights the public's growing appetite for privacy protection. However, with 75% of Americans saying they want more privacy protection online, it's clearly not just Californians who feel strongly about their online privacy.
What a Federal Privacy Law Might Look Like
With an array of serious proposals from both sides of the political divide, some form of federal privacy law now looks like an inevitability. While far from the only privacy-focused bills currently under consideration, the COPRA and the SAFE Data Act show two different views of what a federal privacy landscape might look like.
On one side of the political debate over privacy, the Consumer Online Privacy Rights Act (COPRA), sponsored in late 2019 by Democratic Sen. Maria Cantwell of Washington, outlines a GDPR-esque privacy environment for the United States. Much to the chagrin of big tech, COPRA would allow consumers to opt out of their data being collected and shared and give individuals the right to sue any organizations that violate their data privacy rights directly. If adopted, the COPRA would also stand in addition to any existing state legislation. This provision means that laws like CPRA would still stand, and the COPRA would not preempt further state-level privacy legislation.
An alternative, more "business-friendly" version of what a federal privacy law might look like can be seen in the SAFE DATA Act. Proposed by a group of GOP senators led by Mississippi Sen. Roger Wicker, SAFE DATA outlines a less stringent vision for federal privacy legislation. Under the SAFE DATA Act, each state's attorney general would enforce online privacy legislation alongside the Federal Trade Commission. The SAFE DATA Act would also make federal legislation take precedence over any existing and future state-level laws and not allow individuals to take action against companies directly.
What Federal Privacy Legislation Needs to Deliver for Consumers
While the two acts mentioned above highlight differences in political opinion about federal legislation, a pragmatic approach to privacy is wise. In my opinion, the best privacy act under consideration is the one that can pass into law. Although what our nation needs now is a strong precedent for federal privacy protection, future amendments and improvements are what will deliver both greater consumer privacy and other benefits like the following.
1. A More Streamlined Online Experience
Americans have an average of 27 online accounts that require different passwords and share users' email addresses and personal info with hundreds of third parties. A federal privacy law would provide the ability to opt out of many of these by removing the need to form a long-term relationship for a one-off transaction.
By requiring a smaller number of online accounts to access the same services, a comprehensive piece of federal privacy legislation would create a far more streamlined online experience. The fewer online accounts you need to access online services, the safer your personal information is.
2. More Choice of Services and Providers
As any federal law is likely to result in a uniform regulatory environment around privacy, businesses would not have to treat customers differently based on their location.
If American privacy laws harmonize with the European GDPR standard, it would also enable greater ability to exchange data internationally. With a single data-privacy standard, Americans could shop more confidently with a broader range of vendors, knowing that every service is subject to the same regulatory regime.
3. Leveraging Your Privacy Preferences
By choosing to "opt in" or "opt out," consumers would be able to leverage the value of their personal information when dealing with businesses. This new freedom could open up new business models and offerings for customers willing to allow companies to use their data.
In 2021, privacy is going to be high on the agenda for both the Biden administration and its political opponents. However, while the details of any potential federal legislation are important, the precedent may be more vital. While the first instance of any law will undoubtedly be imperfect, any federal regulatory framework is better than none at all.