Many of us awakened on January 1st to a barrage of emails about CCPA (California Consumer Privacy Act). While you may not live in California, CCPA is an important benchmark in privacy law because it provides important clues about what’s to come. Here are some predictions about what we’re likely to witness over the course of the next year as it pertains to data privacy and regulation.
Following the Privacy Pack
While California was happy to be a front-runner, many other states all across the country are waiting and watching to see what happens. Pushing privacy regulation through provides great optics in an election year and can foster goodwill among voters, so regardless of the reaction to the California Consumer Protection Act (CCPA), either from the business side or from consumers, other states will likely sign their own versions of privacy law soon.
Last year, Illinois, New York, Washington, North Carolina, Texas, Virginia, Maine, and Vermont proposed their own privacy laws. Many failed to pass due to local-level politics. This could very well be the year many more bills are put on the legislative books.
Now that Europe has implemented GDPR, it is increasingly glaring that nothing similar exists on a federal level in the U.S. That’s mostly because of our system of checks and balances, which promotes a more thoughtful, decentralized approach to legislation. But it’s also due to the political leanings of those in a position to influence law. After all, with businesses holding so much political power in D.C. and on the state level, it’s sticky for lawmakers to pursue legislation that could harshly penalize organizations that abuse consumer privacy.
However, it is possible that this year could see a federal privacy law voted into place. The U.S. Chamber of Commerce is a proponent for the Federal Trade Commission as the enforcement agency of record, but that won’t happen unless an executive order or legislation is passed. Plus, with the current legislative investigations of Google and Facebook, attention is focused elsewhere.
Regardless, if we see seven or eight individual state privacy laws passed by May of this year, that could force the federal government’s hand. If that’s the case, a new federal privacy law could be put into place by the start of the next calendar year.
Facing International Pressure
If the U.S. legislative silence following GDPR is deafening now, when other countries begin implementing their own privacy laws, our own federal inaction will become vastly inadequate. We’re likely to see more international laws, especially with actions in China helping to shape the argument. The public is paying close attention to the ramifications of not having privacy laws to protect their data, and that public pressure will most likely influence the actions of legislators.
In fact, I believe that the likelihood of a federal privacy law being voted on during 2020 will largely depend on what is taking place on the international stage, and smart presidential candidates are more than likely to lean into consumer data protection during this critical election year.