Data privacy laws in the USA

Abstract

Technological advancements over the last couple of decades have changed the world as we know it. As consumers increasingly adopt digital technologies, they end up sharing their personal data with companies that power these technologies, including sensitive personal data, and implicitly trust the companies to honour their privacy. A growing number of data breaches, especially those involving blatant disregard for customer privacy by large tech companies such as the Facebook-Cambridge Analytica incident of 2016, have led to an erosion in customer trust. Several countries across the world have taken cognisance of the seriousness of data privacy protection and have enacted comprehensive data privacy laws, however, the USA still relies on a concoction of statewide and sectoral laws, which are not adequate. There is a need for the enforcement of a comprehensive data privacy law in the USA to provide adequate data protection rights to US consumers. This paper explores the various current federal, sectoral, and state data privacy laws in place in the USA and discusses their advantages and disadvantages. A comparison of the various data privacy regulatory models employed across the world is then provided followed by a proposal of a suitable model for the USA to adopt.