On Wednesday, February 16, 2022, legislators in Oklahoma and Wisconsin held hearings on bills to increase consumer data privacy protections.  Despite the good intentions, the two bills join a litany of proposed legislation that will ultimately do more harm to consumers than good.  To adequately protect consumer privacy, instead of enacting a piece-meal state-based privacy regime, state legislators should instead pressure their federal counterparts in Congress to adopt a nation-wide consumer data privacy standard.

Oklahoma and Wisconsin’s bills, HB 2969 and AB 957 respectively, are just two of several pieces of legislation being considered across the country by individual state legislatures during the current legislative session.  Like their counterparts in other states, the bills in Oklahoma and Wisconsin offer data privacy protections and restrictions unique to their states.  If enacted, they would contribute to the growing hodge-podge of state-level data privacy laws.

Currently, three states, California, Colorado, and Virginia, have adopted comprehensive data privacy bills, and more are expected to follow.  According to a January 24, 2022, Information and Technology Foundation analysis, 50 individual state data privacy laws could cost $1 trillion more over 10 years than having a single national framework.

The establishment of radically different laws in each state makes compliance nearly impossible for businesses.  A company that does business in California and Virginia, for example, must tailor its online presence in both states to comply with the drastically different requirements of the two states.  Complications will continue to grow as additional states add to the patchwork with their own unique bills.  The significant compliance costs alone should serve as a warning against further adoption of state specific data privacy legislation.

Commerce does not stop at state borders and the internet does not recognize state and local boundaries.  Because of the interstate nature of the internet, the power to regulate online activities should lie with Congress, not the states.  The Commerce Clause of the Constitution gives Congress the power to regulate actions that cross state lines.  Therefore, instead of enacting laws that will not protect their residents, states legislators should put pressure on their counterparts in Congress to adopt a national data privacy framework. 

On November 8, 2018, Citizens Against Government Waste offered guidelines to the National Information and Telecommunications Administration providing recommendations for a national privacy framework that will work across the country now and into the future.  Among the key points that should be included in any privacy law are:

• A National Privacy Framework

• Consumer Choice and Control

• Transparency

• Data Minimization and Contextuality

• Flexibility

• Data Security and Breach Notification

In the end, only a national framework established by Congress can adequately and properly provide consumers the data privacy protections they need and want.  Instead of enacting bills that will not provide appropriate protection for their residents, state lawmakers should call upon Congress to adopt a comprehensive nationwide data privacy law.