The modern data economy is too big to regulate at the state level.
The federal government has yet to act, and states are rushing to pass their own data privacy legislation, creating a patchwork of laws from coast to coast. Many of these laws are well-meaning, but their proliferation creates a real risk and a real cost.
The risk is that Americans have a false sense of security that their privacy is consistently protected. The cost is that online and offline businesses large and small pay a steep price to comply with a vast array of privacy rules.
A patchwork of state laws means that a California woman who orders an item from a Missouri business that manufactures in Florida could have her data regulated by three separate laws, or by no applicable law. Despite California’s Consumer Privacy Protection Act the state’s residents cannot be assured that the protections that apply when they deal with a business covered by the law will apply when they shop at their corner store, travel across the country or engage in online transactions with companies that are not subject to California’s privacy law.
Not only will this add to consumer confusion around how data is handled, it will also undoubtedly lead to inconsistent treatment of data depending on a variety of factors, including the residency of the consumer and the type of businesses with whom they interact.