280 million Americans have no control over their data. A national standard is the only way to fix it

States are passing their own privacy laws, but this patchwork of rules will hurt consumers and businesses alike

As our world becomes increasingly more digital, the concern around consumer privacy protections has been slowly brewing with no significant action at the federal level, DelBene writes. (Bill Clark/CQ Roll Call file photo)
As our world becomes increasingly more digital, the concern around consumer privacy protections has been slowly brewing with no significant action at the federal level, DelBene writes. (Bill Clark/CQ Roll Call file photo)
Posted April 16, 2021 at 6:00am

We’ve all done it — downloaded a new app on our phone, been prompted with an overwhelming and confusing Terms and Conditions pop-up, and immediately clicked “I Agree” and moved on without thinking what hitting that button means.

The fact is every time we log on to the internet or use an app, our data is at the whim of the company, and there is largely no accountability for how a platform might use, store or sell information about us. As our world becomes increasingly more digital, the concern around consumer privacy protections has been slowly brewing with no significant action at the federal level.

Understandably, states are starting to go at this on their own, to protect their residents and lay a foundation for data privacy in the 21st century. Since 2018, California has stood as the lone state to enact a comprehensive consumer data privacy law, but Virginia recently became the second state to sign such a bill, setting off what will likely be an assortment of differing privacy laws between states. As more fill the vacuum left by Congress, the need for a national privacy standard becomes more critical for consumers and businesses.

Seventy percent of Americans believe their data is less secure now than it was five years ago, and 46 percent feel they’ve lost control of their data. They’re more than justified in feeling that way, as data breaches are increasingly common and Big Tech remains governed by its own rules. Outside of the two states that have comprehensive data privacy laws, the remaining 280 million Americans live in what amounts to the Wild West when it comes to keeping their information safe.

Virginia’s law means we’ll likely see a much more rapid timeline for the next states to follow suit. California started as the sole privacy leader in the U.S. As a result, there was nothing to compare its policy to domestically and no conflict with other jurisdictions. A company was either following the California rules or not.

Now, with a competing law on the books, you could get on a plane in Los Angeles with one set of rights and land in Arlington, Va., with a completely different one. This will only make other states rush to define privacy in their own terms, quickly creating an untenable patchwork of state laws that will be nearly impossible for consumers to understand and for small businesses and startups to follow. The only thing that will solve this is one uniform national standard that sets clear rules of the road for everyone.

None of this is to say that states have done anything wrong. It’s understandable that state lawmakers want to protect their residents, and they’ve made significant contributions to the privacy discussion in the process. My home state of Washington has been debating consumer data privacy protections for several years and could be one of the next to pass such a law.

Developing a national standard is not meant to penalize states for moving faster than the federal government. In fact, the national data privacy proposal that I authored incorporates many of the fundamental ideas being debated in statehouses from Olympia to Oklahoma City. Fifty great ideas will not solve this problem though, and that’s why Congress needs to create one uniform standard.

Moreover, this issue is as much an international concern as it is a domestic one. The European Union is leading the privacy discussion on the global stage with the General Data Protection Regulation, and they have not been shy about wanting to set the standard for others. While the policy has made personal data safer within the 27 EU member states, it has also created a burdensome set of regulations for businesses. If applied domestically, policies like this would be a challenge to the small business community across the country.

We can manage consumer privacy without stifling innovation but not without the federal government first setting a clear domestic policy. The Biden administration should see this as an opportunity to meet one of its core goals of restoring American leadership on the global stage and adopt this as one of its priorities.

The longer Congress waits, the more complicated the issue becomes. Washington’s Senate and Oklahoma’s House of Representatives both passed data privacy bills last month, and other state capitals are moving legislation as well. Lawmakers on Capitol Hill need to wake up to this issue so the next time we see that Terms and Conditions pop-up, we know how we’re protected.

Rep. Suzan DelBene is a Democrat representing Washington’s 1st District. She serves as vice chair of the House Ways and Means Committee and chair of the New Democrat Coalition.