Close this menu
illustration representing people interacting with technology

Online Privacy

and how it affects us everyday

In the digital world of data, understanding what information about us exists online and what controls we have over it are key. Respect for privacy is a crucial component of a healthy internet ecosystem. Data can achieve amazing things, like making online content or personalizing shopping recommendations more relevant to our needs and interests. For that reason, it’s important for users to feel like their data is respected and secure.

Current State of Privacy

State Laws

State Web

39 states have passed student privacy laws that do many things from restricting tech companies’ use of student data to giving students control over their data and knowledge of how it is being used. Many states model their student privacy laws after California’s Student Online Personal Information Protection Act (SOPIPA), which prohibits tech companies from knowingly engaging in targeted advertising to students, profiling K-12 students, and selling or disclosing a student’s covered information. 

Three states, Illinois, Texas, and Washington, have passed laws that regulate the collection, use, and disclosure of biometric information to regulate how companies use our retina scans, fingerprints, voiceprints, and facial photos.

All 50 states have data breach notification laws, but each state has different rules on what counts as a breach of our personal information or how quickly they need to be notified.

Virginia, Colorado, Nevada, and California have passed significant consumer data privacy regulation. Many other states have considered broad data privacy regulation and risk the creation of a patchwork of laws that would create confusion for consumers and disruption for innovators. 

Federal Legislation

Under our current harm-based approach to privacy, the United States does not have any omnibus federal laws regarding privacy. Instead, it tackles issues regarding privacy piece by piece.

Our federal laws on private actors and privacy vary in scope, protecting a variety of user health information, children’s privacy, financial information, and electronic communication. 

While the harm-based approach to privacy is most effective, recent actions at the state level to create state specific omnibus privacy laws and a mismatched patchwork of state privacy regulation, there is a real need for a federal standard for privacy. 

American companies are being forced to comply with European standards in part due to an absence of an American alternative. Similarly, Americans in states without laws could find themselves subject to the onerous restrictions imposed by other states or consumers in regulated states lose out on technology available nationwide.

Only with a federal law can the US ensure Americans, American businesses, and American entrepreneurs remain safe online while also eliminating the growing costs of compliance state-based regulation causes.

The Facts


Why does this matter for us?

Bad regulation in this area makes the internet cumbersome for users and businesses. It could prevent the next great technological application and could lead to confusion for consumers.

Businesses big and small, online and offline, have to identify and comply with over one-hundred different privacy laws that are constantly changing monthly and annually. To comply, businesses have to move money away from hiring staff, innovating, and lowering prices, toward instead funding attorneys. Presuming all use of data is harmful, or that privacy is always the priority, can have real consequences for free speech or and the extremely helpful uses of data like ID’ing individuals impacted by disasters. If businesses could rely on a set of rules and regulations, legal costs go down, barriers to entry decline, and innovation could become supercharged. Americans could more easily know their privacy rules without worry that crossing state borders could drastically affect their personal information online. If businesses could rely on a set of rules and regulations, legal costs go down, barriers to entry decline. At the same time, Americans can know their privacy rules and need not worry about privacy in neighboring states being greater or lower than their own. All will be on equal footing.

What American privacy legislation needs

It is urgent that Congress enact a National Standard on federal privacy laws and data breach laws. Federal Privacy Law needs to ensure that it:

sets a National Standard. Creating a national standard reduces the complexity and compliance costs of protecting Americans’ privacy online.

Focuses on the risks and harms related to data rather than the size of the company doing the collection. Regardless of size or tax status, we need to ensure Americans’ privacy is protected regardless of who is doing the collecting.

Empowers enforcement only by the government. Because their financial compensation is not dictated by the number of cases or percentage of fees, government agencies have the express goal to do what is best for the people they serve and ensure that actions are brought on the merits of the suit.

Creates self regulatory regimes to encourage best practices. By following the self-regulatory model set out in the Children’s Online Privacy Protection Act, the United States can avoid enforcement problems caused when limited resources prevent effective privacy protections and lax or no enforcement.

Conditions penalties on the actual harm incurred. Because civil law can ensure that the system isn’t abused to favor competitors or serve as an artificial revenue source, ensuring that we’re focusing on the actual harm incurred and not statutory damages will ensure the system remains fair.

In Conclusion