4 Warnings About What a Patchwork of State Privacy Laws Could Mean for You

In an interview with Recode, House Speaker Nancy Pelosi (D-Calif.) said a national standard for data privacy that pre-empts state laws “won’t happen.” If she blocks efforts for a single national standard on data privacy, a patchwork of state laws like California’s law, Washington state’s proposal and more will become a complicated and confusing reality. Here are just four warnings about what this could mean for your data privacy. Spoiler alert — it isn’t good.

A patchwork of 50 different state laws could fragment the internet

Right now, no matter where you are, the internet is seamless. However, if a patchwork of 50 different state laws goes into effect, that will change. A company may be forced to completely black out sales and services in some states if they can’t comply with conflicting and onerous data privacy laws. The internet could fragment, drastically changing the convenient and seamless consumer experience we expect. This means that someone in Washington state may not have the same options or platforms available as someone in San Francisco and Silicon Valley. How is that fair or even workable?

A patchwork will drive up costs for you and your family

A patchwork of state laws will also lead to increased compliance costs for startups and small businesses, and result in increased costs for you. This is already happening in the European Union under its General Data Protection Regulation. Their overbearing rules are forcing compliance costs between $1 million and $10 million. And this is just under one set of rules. Imagine if small businesses had to comply with 50 different laws? Compliance costs would skyrocket, and so would the costs of the products you purchase.

A patchwork won’t keep your data secure

A patchwork of state laws will also give hackers more loopholes to exploit, making it easier for them to tap into your smart home devices, Wi-Fi baby monitors, health trackers and more. If companies are forced to work overtime to comply with 50 different regulatory regimes, they won’t be able to innovate and keep up with the evolving ways bad actors seek to access your information. That creates more opportunities for your privacy to be invaded. A national standard, on the other hand, will provide clear rules of the road and give you the same data protections wherever you go.

A patchwork of laws could keep you in the dark on how your data is collected

Imagine the hardship 50 different state laws would create. What would it mean if you live in Washington, buy something online from a small business in Oregon, and ship it to your family in Idaho? Not only would this provide an arduous patchwork of laws for small businesses and startups to navigate, but it would be nearly impossible for you to trust or have a say over how your data is being collected and used.

Especially in cases where technology is tracking personal health data, companies need to earn and keep your trust. There shouldn’t be any surprises over data use, and most Americans feel that way. According to a recent survey, more than 90 percent of respondents want online companies to get permission before sharing or selling personal data. However, how can you trust a system where in one state you may know how your data is used while in another you could be left in the dark? You can’t. With changing rules across state lines, there’s no way to guarantee the transparency and accountability that you rightfully expect.

Speaker Pelosi told Recode that she wants to get privacy legislation right. That’s great but dismissing federal pre-emption is a bad place to start. You deserve better than her preferred patchwork because we simply can’t trust that it will protect your privacy or empower you to control how your data is used. A enforceable and single national standard is critical, and I will continue to lead to make it happen.

Cathy McMorris Rodgers represents Washington’s 5th Congressional District and is the Republican leader on the Energy and Commerce Subcommittee on Consumer Protection and Commerce, which has jurisdiction over data privacy and other technology issues, along with consumer protection.  

Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.