In the past several months, the amount of state legislative activity around consumer data privacy laws has been frantic, by state legislatures standards. So much so, it is not easy to discern the cause for all this effort; is it that consumers are demanding action, are market forces lobbying for the least restrictive options, or have legislators initiated these efforts on their own seeing their citizens simply must be protected from more than data breaches, but also be encouraged to exercise control over their personal information?

State of Laws

In the U.S., existing consumer privacy laws are either sectoral based (think, healthcare and financial services) or state-law based. Despite several federal bills being introduced over the past few years, the U.S. Congress has failed to pass any comprehensive consumer-based data privacy laws to date. (See, “Information Transparency & 12 Personal Data Control Act” introduced by Rep. Suzan DelBene (D-WA) March 10, 2021; “Consumer Data Privacy and Security Act” introduced by Sen. Jerry Moran (R-MO) May 6, 2021; “Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act” introduced by Sen. Roger Wicker (R-MS) Sept. 17, 2020. See alsoConsolidating US privacy legislation: The SAFE DATA Act,