The growing jumble of state privacy laws could cost out-of-state businesses from $98 billion to $112 billion per year, with the total exceeding $1 trillion over 10 years, according to The Looming Cost Of A Patchwork of State Privacy Laws, an economic model released Monday by the non-profit Information Technology & Innovation Foundation (ITIF).
Small businesses would be hit with costs of $20-23 billion annually, according to the study. Over a decade, this could total $200 billion.
California’s privacy law will cost businesses $78 billion per annum, $46 billion within California and $32 billion outside the state. The state attorney general estimates that in-state firms would incur costs of $55 billion.
Presumably, new privacy laws will require positive consent to be included on email lists, data access on demand and the right to disappear.
The ITIF reports that 34 states have introduced 72 privacy bills since 2018.
These duplicative rules also create confusion for consumers, the report continues.
The solution, according to the ITIF, is federal legislation -- similar to GDPR -- that preempts state laws, streamlines regulation and establishes basic consumer data rights .
“Poorly designed data privacy laws can impose a substantial toll on the economy through both direct compliance costs and indirect costs from lower productivity and constraints on innovation,” states Daniel Castro, vice president of ITIF and co-author of the report.
Castro adds “Your privacy rights should not change when you cross state lines. Policymakers should move quickly to pass legislation that creates a national data privacy framework.”