States Push Internet Privacy Rules in Lieu of Federal Standards

growing patchwork of online privacy proposals at the state level, rather than a national framework, could create new consumer protections and additional question marks for business.

Virginia lawmakers are poised to pass a privacy bill in a legislative session expected to end this month. For the third time, Washington state officials are considering compromises for a possible privacy bill. States like New York, Minnesota, Oklahoma and Florida are working on similar proposals.

In recent weeks, the coronavirus pandemic has changed daily life online, according to privacy experts, raising consumer concerns about potential abuse. Leaders warn that the emerging situation regarding how companies can collect and use personal data could cause headaches for companies operating across borders.

The idea that you can split your business to treat consumers in California differently than those in Washington or Virginia is silly, he said.

Tanya Forscheit,

Chairman of the data protection and data security group of the Frankfurt law firm Kurnit Klein+Selz PC.

Many companies have been warning of a patchwork of privacy laws since California passed its landmark privacy law in 2018, and elected officials in Washington, D.C., faced a federal bashing.

Responding to the different approaches can be a challenge for e-commerce, which has seen strong growth during the pandemic, said Cy Fenton, chairman of the National Retail Federation’s Information Technology Security Council. While online merchants sell products to consumers in one state, they often ship those products to recipients in other states and share data from those transactions with third-party marketers in other states, he said.

Proceed to

California’s 2018 privacy law has imposed additional burdens on other states seeking to adopt comprehensive privacy protections in lieu of the federal standard.


Current accounts in the legislature

Bills dead or stranded in the legislature


Current accounts in the legislature

Bills dead or stranded in the legislature


Current accounts in the legislature

Legislative proposals dead or blocked at legislative level


Current accounts in the legislature

Legislative proposals dead or blocked at legislative level

Trying to comply with the network of rules makes your targeted advertising a little less effective.

Many companies are responding to this pressure by hiring lawyers or recruiting start-ups to help them comply with the law.

But lawmakers, consumer advocates and industry lobbyists are currently debating details that may differ from existing laws in California and the European Union, such as B. distinguishing between certain data to be processed, defining what information is available to the public, or giving consumers the right to choose whether or not to cooperate with companies’ collection of sensitive data.

In Virginia, where nearly identical proposals have been approved by both houses of the legislature, officials say they hope to develop a business-friendly approach to regulation. Unlike California’s law, which gives consumers a limited right to sue companies for breaches of their data, the Commonwealth’s Consumer Privacy Act does not give Virginia citizens this right.

Newsletter subscription

WSJ Pro Cybersecurity

News, analysis and views on cyber security from WSJ’s global team of reporters and editors.

In a letter to Virginia lawmakers this month, Consumer Reports and other advocacy groups criticized individuals who can’t sue companies over data breaches. Technological companies such as Inc.


International Business Machines Corp.

say they support the bill.

If the states could use Virginia as a model and the states could consistently follow that path, that would be helpful to us, said Christina Montgomery, chief privacy officer at IBM. She added that the Virginia proposals also use the terms controller and subcontractor, which are similar to EU rules.

Enforcement remains an open question in Washington state, where Democratic Senator Reuven Carlisle last month unveiled an updated version of Washington’s privacy law, which had been stalled in each of the past two years for fear that the attorney general would not be able to enforce the resulting law alone.

Representative Shelly Kloba, also a Democrat, has introduced a competing bill backed by the American Civil Liberties Union in Washington that would provide a private right of action and allow local governments to take potentially stricter privacy measures.

However, she was open to possible compromises in view of the digitization of work, school and socialization during a pandemic.

It’s just much more important that we have a privacy policy, she said.


GumGum Inc.

Some companies try to innovate to circumvent consumer concerns and regulatory issues.

Digital advertising company GumGum Inc, based in Santa Monica, California, places ads by analyzing the content and metadata of the pages users visit, the company said, rather than by analyzing users’ behavioral data, such as the number of visitors to the site. B. previous surfing habits.

Yet the company responds to a dozen requests a day to stop selling consumer information, said T’Juana Albert, GumGum’s global director of compliance and legal affairs. These compliance problems with third-party providers could multiply as companies share data to market their products and states’ laws are made available online, she said.

Often [external partners] are the ones who are not qualified, Albert added. You, as a company, don’t necessarily know that.

Email David Uberti at [email protected]com.

Copyright ©2020 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8

frequently asked questions

Which states in the US have privacy laws?

Q : Which states have data protection laws? A : Very few – only three! Of course, all 50 states now have a data breach notification rule, which also generally requires adequate data security. But at the time of writing, only California, Nevada and Maine have privacy laws.

Is there one comprehensive privacy law in the United States?

There is no comprehensive federal privacy law in the United States. There is a complex body of industry- and media-specific legislation, including laws and regulations governing telecommunications, health information, credit information, financial institutions and marketing.

maine privacy law,data privacy laws by state,50 state survey privacy laws,nevada privacy law,us privacy laws vs gdpr,federal data privacy legislation,termly privacy laws around the world,data privacy regulations worldwide,internet privacy laws 2019,internet privacy laws 2020,privacy policy template,gdpr,what are the laws of internet?,international internet privacy laws,internet privacy act 2017,Feedback,net neutrality ajit pai,net neutrality pros and cons,net neutrality repeal effects,net neutrality 2020,net neutrality biden,save the internet act,Privacy settings,How Search works,state privacy laws 2020,united states data protection laws,privacy regulations,u.s. privacy laws 2020

You May Also Like