Some items on our site have recently moved. Visit our News Hub for selected articles, special reports, podcasts and other resources.
California’s new consumer privacy act likely to remain only comprehensive US privacy law
13 March 2020 00:00 by Amy Miller
California’s new consumer privacy act is likely to remain the only comprehensive privacy law in the US for a while.
Washington state legislators this week failed to pass their own sweeping data privacy bill, for the second year in a row, bringing into sharp relief one of the most difficult challenges in enacting privacy legislation: agreeing on who should enforce it.
The Washington Privacy Act was among the most highly anticipated privacy measures introduced this year. Like the California Consumer Privacy Act, Washington state’s proposal established consumer rights for access to and correction and deletion of data. It also gave residents the right to opt out of data-processing and the right to data portability, creating rights for state residents not available elsewhere.
More than a dozen states have also introduced their own comprehensive privacy bills this year modeled, to varying degrees, after the CCPA and Europe’s General Data Protection Regulation.
But no state proposal so far has had the momentum of the proposed WPA. Although public hearings have been held on privacy bills in Connecticut, Maryland, New York, New Hampshire and Wisconsin, most remain in the chamber of the legislature where they were introduced.
Several state bills have already been tabled, held for further study or withdrawn, including proposals in Virginia, Rhode Island, New Jersey, Maryland and Mississippi.
In Washington state, lawmakers were once again unable to reach an agreement about who should enforce their proposal: the attorney general or consumers empowered with the right to sue companies over violations.
The proposed WPA had strong support and momentum after it was introduced by Senator Reuven Carlyle, a Democrat from Seattle, in February, without a private right of action. The WPA passed the state Senate in February with almost unanimous support. Soon after, it passed the state House of Representative.
But House members included an amendment giving residents the right to sue under the state’s consumer protection law. Senators refused to accept the change, and while both sides tried to work out a compromise in a conference committee, they couldn't, lawmakers announced Thursday.
The same dispute had doomed similar legislation introduced by Carlyle last year.
The same disagreement over granting consumers the right to sue over alleged violations continues to divide lawmakers in the US Congress attempting to draft federal privacy legislation, along the usual party lines, with Democrats largely in favor and Republicans against it.
Republican Senator Jerry Moran of Kansas and Democratic Senator Richard Blumenthal of Connecticut worked for nearly two years to find common ground on a nationwide comprehensive privacy law. But Moran introduced his own bill this week after they couldn't come to an agreement over whether to include a private right of action.
Moran’s bill would preempt state laws like the CCPA and doesn't include a private right of action. It would give state attorneys general the authority to bring civil actions on behalf of their residents.
With no likely compromise expected in Congress anytime soon, and with Washington state’s privacy bill dead, the CCPA appears likely to remain the only comprehensive law regulating consumer privacy in the US.
26 May 2023 14:59 by Sam ClarkWhen the EU’s General Data Protection Regulation came into force five years ago, some said it would usher in a new era of EU supremacy over Silicon Valley's tech giants, reining in their rampant data-driven power.
24 May 2023 15:39 by Mike SwiftSince the General Data Protection Regulation took effect five years ago this week, more than 40 countries have enacted national privacy laws, most of which drew liberally from the canonical text of the EU law.
23 May 2023 23:47 by Mike SwiftThe count of countries with data protection laws more than doubled to 162 over the past dozen years, a total that includes a wide majority of the world’s nations, with new research suggesting data protection rules are approaching ubiquity.