Many have called on Congress to develop federal privacy law that would establish baseline rules for the collection and use of consumer data, as well as an enforcement regime to protect consumers. In a new insight, Director of Technology and Innovation Policy Jeffrey Westling breaks down the key provisions that would be included in any national framework, as well as the major sticking points for potential privacy legislation.

Key points:

• Any privacy legislation would need to resolve two key issues that have thus far stalled negotiations between Democrats and Republicans: whether the legislation should include a private right of action (under which an individual harmed by a data security breach can sue) and whether it should preempt state laws governing data privacy.
• A federal private right of action to address privacy violations would increase costs for businesses, but proponents of such a provision worry that without it, overwhelmed federal agencies would not be able to fully address consumer harm.
• Nevertheless, a limited private right of action with a right to cure, limited potential damages, and a strict scienter requirement could garner bipartisan support.
• Preemption of state privacy laws would limit compliance costs for businesses but would require sufficiently robust federal legislation that would adequately protect consumers and perhaps even enforcement from state attorneys general to garner bipartisan support.

Read the analysis