GDPR: A Year In Review: Part 2

In our previous article, we spoke about some of the copy-cat laws that have popped up within the United States in response to the GDPR – things like California’s CCPA and New York’s SHIELD law. In this article, we wanted to focus on the ever changing landscape of regulations within the US.

Pitfalls of individual state (and local) regulations are not new to businesses nor the consumer. I’m sure a good portion of our readers know what it’s like trying to find alcohol in a dry county – or perhaps you’ve noticed the incredible differences in gun laws in one state to the next.

But when it happens to businesses that operate across state lines, things can get dicier.

As we mentioned in our previous article, there are dozens of individual state regulations regarding the data that gets collected about their residents. The problem is that each of these regulations has the potential to operate in a slightly different way.

Closeup of padlocks laid out on document containing GDPR legislative text.

GDPR – A Year In Review

Maine’s LD 946 “An Act to Protect The Privacy of Online Consumer Information” (suddenly New York’s SHIELD acronym doesn’t sound so silly) only applies to Internet Service Providers. California and Hawaii have laws that only allow opt-in at age 16 while Massachusetts is age 18. There are hundreds of different stipulations that each of these regulations carries with it. Some operate only on companies that are registered in the state while others operate on the citizens of that state.

I’m willing to guess that you already feel like you need a lawyer on retainer just to do business across state lines – and there’s only 15 laws on the books! Can you imagine what this will look like when all 50 states have their own laws? Legal chaos!

But what is the result that will come from all this? Is it reasonable to expect companies (especially data companies that house billions of records) to regulate themselves? Is it even financially feasible for a small business to handle data from all 50 states in accordance with each state’s laws? My prediction is that most businesses will simply ignore the laws or try their best (and fail) to comply with them all. Then we’ll hear about it on the 6 o’clock news while they’re sat in front of congress trying to explain it all away.

I’m all for individual states’ rights, but I can see that this is going to get messy – fast. What we need is a single law at the national level. One law to rule them all!

Martin Data © 2019