Will the California Consumer Privacy Act serve as a blueprint for a federal privacy law or for a patchwork quilt of state privacy laws?
As states have been commencing legislative proceedings and as proposals for a federal privacy law are being formulated, the following seem to be principles that most agree should be included in a privacy law in the U.S.:
- Banning some practices, including using data to discriminate against users.
- Giving people the right to sue over misuse.
- Giving people ownership rights in their data including the right to delete it, change it or take it back.
- Requiring companies to be more transparent about how they use data and collect consumers’ consent, with some exceptions.
A point of contention is whether or not a federal U.S. privacy law should completely preempt (invalidate) state privacy laws (or whether they should continue to be binding if stricter than the federal law).