U.S. businesses are working hard to comply with the GDPR, while preparing for the California Consumer Privacy Act (CCPA).
But that may be only the start of what they face: The GDPR and CCPA could be the benchmarks for federal privacy legislation, according to Brookings scholars.
For example, many federal bills echo the GDPR and CCPA by including rights for individuals to access, modify, delete, and export data.
A federal law could help the U.S. meet GDPR adequacy requirements for international data transfers while preempting state privacy laws like the CCPA, researcher Caitlin Chin writes in a summary.
There are also “moral- or principle-based” reasons that are partly prompted by heightened public awareness of online data collection driven by the GDPR and CCPA, Chin says.
A federal law could help the United States meet GDPR adequacy requirements for international data transfers while preempting or supplementing state privacy laws like the CCPA, Chin adds
And there are also “moral- or principle-based” reasons, prompted, in part, by heightened public awareness of online data collection driven by the GDPR and CCPA, Chin adds.
The report notes that “Senate Commerce Chairman Roger Wicker (R-MS) and Ranking Member Maria Cantwell (D-WA) recently released bill proposals that place stricter limitations on algorithmic decision-making, biometric data, and data minimization, beyond what the CCPA currently provides.”
GDPR is critical for the U.S. because the EU countries are the largest U.S. trading partner. And California contributes 14% of U.S. GDP.
Brookings scholars Cameron Kerry and Nicol Turner-Lee joined Jeff Brueggeman of AT&T, Roslyn Layton conducted a discussion of these issues on Dec. 13.
What seems to be missing is what options to the publishers have. Many like my company don't do business in Europe and no plans to do so. That's understandable to many. However when it comes to the demands of California, this becomes an another issue. Who to say that a publisher can not simply opted out of doing business in California? This sounds silly but who to say that the rules set by one state is superior over the other state?
Personally, I think the existing privacy laws are good enough. So why do we need more?
The point of the question is, why shouldn't privacy laws be made in the hall of congress insteads of the chamber of one state?