Prior to the 2022–2023 legislative session, five states (California, Virginia, Utah, Colorado, and Connecticut) had passed consumer data privacy laws, but now the patchwork of state laws has more than doubled. Congress has continued to debate a potential federal standard with the American Data Privacy Protection Act in the 117th Congress being the first such proposal to be voted out of a committee; however, without momentum around a federal standard and with continuing and new concerns about data privacy from consumers, many states are undertaking their own policy actions around data privacy.
The patchwork nature of these individual state laws can potentially amplify compliance costs for businesses operating across different states and create confusion among American consumers whose digital footprint often crosses state borders. The potential financial impact of complying with 50 distinct state laws could surpass $1 trillion over a decade, with a minimum of $200 billion being borne by small businesses. As this patchwork grows, what does data privacy look like as the 2022–2023 legislative session comes to a close?
Read the rest of this post →