What's on the Horizon? How US Federal and State Governments are Expanding Data Privacy Laws in the Wake of GDPR

January 28, 2020

By: Fred J. M. Price and Elizabeth L. Morgan

The passage of the California Consumer Privacy Act (CCPA), which was preceded by the EU’s General Data Protection Regulation (GDPR), triggered a national conversation among members of the US federal and state governments regarding the status of their respective data privacy laws. As such, there has been a flurry of legislation considered across the nation, some of which has recently been enacted into law. 

Numerous states are following California’s lead and developing ambitious data privacy laws. Nevada and Maine have both passed data privacy legislation with effective dates of October 1, 2019 and July 1, 2020, respectively. Hawaii, Illinois, Maryland, Massachusetts, New Mexico, Pennsylvania, Rhode Island, and Texas have or currently are considering legislation modeled after the CCPA. Washington is considering modeling their legislation after the GDPR. New York is considering four bills that would vastly expand data privacy protections.

Congress is acting too. The 2019-2020 session alone introduced 26 bills that address data privacy protection. These bills range from comprehensive data privacy legislation (the Digital Accountability and Transparency to Advance Privacy “DATA” Act), to regulating facial recognition technologies (the Commercial Facial Recognition Privacy Act), to tracking personal information (the Mind Your Own Business Act). While most of these bills are not expected to progress, at least anytime soon, Congress continues to express bipartisan support for general data privacy protections.

It is all but certain that data privacy legislation will continue to be proposed and enacted here in the US and abroad, expanding the data privacy rights of individuals. 

For more information regarding these new laws and how to prepare your business for compliance, contact Fred Price, Elizabeth Lehmann, or any one of our attorneys in the Cybersecurity and Data Privacy Practice Group.