The State Data Privacy Act
A sample compromise bill built on existing state laws that meaningfully protects privacy while encouraging innovation.
Every American deserves privacy protections, so we set out to craft a proposed privacy bill that works for businesses and consumers alike. The base text of the State Data Privacy Act is the Connecticut Data Privacy Act (CTDPA), a bill that industry often cites as a model for other states to adopt. In our view, CTDPA contains far too many loopholes that prevent it from offering strong privacy protections, but it is an established bill that many state lawmakers are already familiar with. Strengthening the CTDPA provides consistency for businesses while giving consumers meaningful privacy protections.
The goals of the State Data Privacy Act are to:
• Limit ubiquitous online tracking;
• Encourage more privacy-protective methods of online advertising;
• Protect the most sensitive data, including data about kids and teens;
• Use language from existing state laws; and
• Allow for meaningful enforcement of the law to ensure compliance.
The State Data Privacy Act borrows existing language from strong state laws and federal bills wherever possible. Borrowing existing language reduces the chances of conflicts of law and, in many cases, also represents years of deliberation and stakeholder discussions. Because our organizations have been involved in privacy advocacy at the state level for many years, we are familiar with recurring patterns of contention and compromise between businesses and consumer privacy advocates. While this draft does not represent the ideal privacy bill for any of the signatory organizations, it is a compromise that would meaningfully protect consumers.
Share this Resource: