U.S. businesses are working hard to comply with the GDPR, while preparing for the California Consumer Privacy Act (CCPA).
But that may be only the start of what they face: The GDPR
and CCPA could be the benchmarks for federal privacy legislation, according to Brookings scholars.
For example, many federal bills echo the GDPR and CCPA by including rights for individuals to
access, modify, delete, and export data.
A federal law could help the U.S. meet GDPR adequacy requirements for international data transfers while preempting state privacy laws like the CCPA,
researcher Caitlin Chin writes in a summary.
There are also “moral- or principle-based” reasons that are partly prompted by heightened public awareness of online data
collection driven by the GDPR and CCPA, Chin says.
A federal law could help the United States meet GDPR adequacy requirements for international data transfers while preempting or
supplementing state privacy laws like the CCPA, Chin adds
And there are also “moral- or principle-based” reasons, prompted, in part, by heightened public awareness of
online data collection driven by the GDPR and CCPA, Chin adds.
The report notes that “Senate Commerce Chairman Roger Wicker (R-MS) and Ranking Member Maria Cantwell (D-WA) recently
released bill proposals that place stricter limitations on algorithmic decision-making, biometric data, and data minimization, beyond what the CCPA currently provides.”
GDPR is
critical for the U.S. because the EU countries are the largest U.S. trading partner. And California contributes 14% of U.S. GDP.
Brookings scholars Cameron Kerry and Nicol Turner-Lee
joined Jeff Brueggeman of AT&T, Roslyn Layton conducted a discussion of these issues on Dec. 13.