A GDPR-style privacy law in California is serving as a blueprint for other states, suggests a report today.
Following the example of the California Consumer Privacy Act (CCPA), which takes effect on January 1, two further states have passed privacy laws and almost 20 more are considering it…
CNET reports.
CCPA is in turn modeled on Europe’s GDPR (General Data Protection Regulation), the gold standard for privacy laws so strict that even Apple had to beef up its protections to comply.
Nevada and Maine have already passed privacy laws, and at least 11 more states considered privacy bills. While they didn’t pass in 2019, advocates have plans to submit more legislation in the coming year. In addition, five other states have tabled new privacy rules and instead created task forces that will study how to regulate data privacy.
As is often the case, California has set the agenda for state houses across the nation. With nearly 40 million residents, California and its frequently progressive legislature has been at the forefront of laws covering everything from plastic bag bans to animal welfare laws in recent years. Now, privacy is on the agenda.
Other states are opting for less strict versions, however.
The law defines personal information broadly, so everything from your browsing history to personal characteristics such as race and marital status are covered. The definition also includes biometric and location information.
And even California didn’t adopt all GDPR standards.
The craziness of companies having to potentially comply with 50 different privacy laws means there is growing pressure to enact a single federal GDPR-style privacy law which will override state ones. Many of us have pointed out that the sensible course of action in a global market would simply be to replicate GDPR in the US and other countries so that there is one single standard to meet worldwide.
Image: Shutterstock
