Data Privacy Landscape Changing Fast

The United States has a varied data privacy landscape comprised of a series of federal, state and local laws. Some states have enacted data privacy laws that are outpacing federal legislation with respect to the scope of protections being addressed. Many are wondering if the United States will adopt a consumer data privacy and protection law as strict and far-reaching as the EU’s General Data Privacy Regulation.

As of 2018, 50 states have passed data privacy laws. Illinois, with its Biometric Information Privacy Act, and California, with its Consumer Privacy Act, have been in the vanguard. The ruling in the 2018 Supreme Court case Carpenter v. the United States — that law enforcement needs a warrant to search cell phones — was an unexpected win for data privacy advocates, who for many years bemoaned the antiquated laws being applied to cases dealing with digital information. Carpenter v. United States is a high-level case that offers the opinion that evidence in digital form is different and requires special consideration with searches. The Carpenter case will spur discussion about updating laws to deal with handling personal data in criminal and civil matters.

In 2019, we are likely to see movement on a national data privacy law, most likely more business than consumer-friendly. This will not stop states from trying to enact more data privacy laws. One issue is whether a national data privacy law, if passed, will be comprehensive enough to quell further state-level legislation.