We Need a Federal Privacy Law – Not a Patchwork of State Laws

America leads the world in innovation because we’ve developed laws that give tech companies the freedom to invent and create, while protecting citizens’ rights to privacy and individual expression.

But concerns about data privacy – how consumer data is handled and by whom – are creating a patchwork of confusing – and conflicting – state laws that could hamper innovation. California enacted a new privacy law at the beginning of this year, and other states are following suit. The time has come for a national privacy law.

A clear, thoughtful framework for data privacy makes sense. Consumers should know what types of data companies have about them and how that data is shared. But we also must preserve the unique ecosystem that has allowed U.S. tech companies to flourish. Here’s how we get there:

Teamwork, not patchwork. A state-centric approach simply doesn’t work in a digital economy, where data flows across borders in a matter of seconds. These laws create compliance costs for business (especially small businesses) and confusion for consumers. Our leaders must work together to create a uniform federal approach, where a California citizen knows exactly how her data is being handled by a Florida-based company, and vice versa. One reason we have scores of unicorns while Europe has few is that we have one unified market with one set of laws focused on promoting interstate commerce.

Create, don’t copycat. We are a nation of innovators. The principle of innovation has guided our technology, and it needs to guide our privacy policy as well. Not only does the EU’s overly restrictive General Data Protection Regulation clash with our national values, it is hindering Europe’s innovation economy. The compliance cost of GDPR has many small companies leaving European markets or abandoning plans to expand; in fact, the rules have already cost Europe up to 39,000 tech jobs.

Risk-based, not fear-based. One of the greatest failures of GDPR is its failure to recognize that not all data is equally sensitive. I happily hand out my email to business contacts; my Social Security number is a different story. Legislation needs to incorporate levels of risk and sensitivity. Rules should be based on the risk to the consumer, with the highest protections and requirements for sensitive data.

Consider cost to consumers. Many popular consumer services are ad-based, making them more accessible to more consumers. Congress should be careful not to prevent consumers from accessing free services based on business models.

No private right of action. A private right of action – allowing private parties to bring lawsuits – would hurt innovation and small businesses. The Federal Trade Commission can act against companies whose data practices hurt consumers. The FTC knows how to protect consumer privacy.

Protect innovation and small businesses. Privacy legislation should provide clarity while maintaining the flexibility to innovate. It should not inhibit small businesses’ ability to compete with more established companies. Congress must be careful not to reduce competition by choking smaller companies and blocking new entrants. The largest companies can afford the high compliance costs while smaller companies cannot.

Address specific consumer harm. Legal requirements and enforcement should be focused on addressing specific, concrete privacy harms, rather than banning specific uses of data. Congress should be wary of creating “opt-in” fatigue in consumers – overwhelming them with notices such as cookie pop-ups leads to less privacy and poor cyber habits.

Federal legislation must take these nuances into account. Failure to recognize these differences will result in policies that stymie innovation and stunt economic growth, hindering our global lead in innovation.


Gary Shapiro is president and CEO of the Consumer Technology Association, the U.S. trade association representing more than 2,200 consumer technology companies, and a New York Times best-selling author. His views are his own.

Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.

Morning Consult