• by Ray Schultz , December 20, 2019

U.S. businesses are working hard to comply with the GDPR, while preparing for the California Consumer Privacy Act (CCPA).  

But that may be only the start of what they face: The GDPR and CCPA could be the benchmarks for federal privacy legislation, according to Brookings scholars.

For example, many federal bills echo the GDPR and CCPA by including rights for individuals to access, modify, delete, and export data.

A federal law could help the U.S. meet GDPR adequacy requirements for international data transfers while preempting state privacy laws like the CCPA, researcher Caitlin Chin writes in a summary. 

There are also “moral- or principle-based” reasons that are partly prompted by heightened public awareness of online data collection driven by the GDPR and CCPA, Chin says.

A federal law could help the United States meet GDPR adequacy requirements for international data transfers while preempting or supplementing  state privacy laws like the CCPA,  Chin adds

And there are also “moral- or principle-based” reasons, prompted, in part, by heightened public awareness of online data collection driven by the GDPR and CCPA, Chin adds.

The report notes that “Senate Commerce Chairman Roger Wicker (R-MS) and Ranking Member Maria Cantwell (D-WA) recently released bill proposals that place stricter limitations on algorithmic decision-making, biometric data, and data minimization, beyond what the CCPA currently provides.” 

GDPR is critical for the U.S. because the EU countries are the largest U.S. trading partner. And California contributes 14% of U.S. GDP. 

Brookings scholars Cameron Kerry and Nicol Turner-Lee joined Jeff Brueggeman of AT&T, Roslyn Layton conducted a discussion of these issues on Dec. 13.