Since the introduction of the GDPR, there has been quite a bit of discussion on what the rest of the world, especially the United States, will do next regarding data privacy. While there’s no single data protection legislation in the U.S., there is a general belief that all deserve the right to privacy. As Congress continues contemplating future privacy laws in the U.S. as a whole, there are several individual states coming up with laws of their own.
Upcoming State Laws
There are a few state laws that will become effective in the upcoming months. Nevada’s will be the first to go into effect on October 1, 2019 – focusing on the ability of consumers to opt-out of the sale of their personal information. Next would be Maine’s, which is known as ‘An Act to Protect the Privacy of Online Consumer Information.’ This law requires that internet service providers be approved by customers before the ISPs sell or share their data with any third parties; however, this strict and narrow law only regulates about 80 of Maine’s broadband ISPs. We will see this go into effect at the beginning of July 2020.
Possibly the most well known and most recognizable of all the state laws is California’s Consumer Protection Act, also known as CCPA, which, in short, allows California residents to have enhanced privacy rights and consumer protection. It was signed into law just a month after GDPR was implemented, with amendments having been passed in late September 2018. Although the CCPA won’t be effective until January 1, 2020, it has become one of the most talked about U.S. privacy laws yet. The CCPA “applies to any business, including any for-profit entity that collects consumers personal data, which does business in California” and refers to personal information as: “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household such as a real name, alias, postal address, unique personal identifier Internet Protocol address, email address, account name, social security number driver’s license number, passport number, or other similar identifier.” It also includes at least one of the following: annual gross revenues of over $25 million, acquires personal information from at least 50,000 consumers/households/devices, or they earn more than half of their annual revenue from selling the personal data.
While none of these laws are effective yet, there are a few pre-set constitutional limits on what the government can intrude on regarding individuals’ right to privacy. Some of these limits regarding privacy are only in place for the exercising of police powers or the passing of legislation, and the Constitution only protects individuals against state actors; any invasion of privacy can only be alleviated by former court rulings. In addition, there is a federal law that puts harsh constraints on what can be collected, shared, or sold about children under the age of 13 by data companies; this is known as the Children’s Online Privacy Protection Act (COPPA).
Along with the national pre-set constitutional limits, there are some state constitutions that discuss the right to privacy as well:
- Article 1, Section 22 of the Alaskan Constitution states “the right of the people to privacy is recognized and shall not be infringed.”
- Article 1, 1 of the Californian Constitution “articulates privacy as an inalienable act.”
- Article 1, § 23 of the Floridian Constitution states “every natural person has the right to be let alone and free from governmental intrusion into the person’s private life except as otherwise provided herein.”
- Article 2, § 10 of the Montanan Constitution states “the right of individual privacy is essential to the well-being of a free society and shall not be infringed without the showing of a compelling state interest.”
- Article 1, § 7 of the Washington Constitution states “no person shall be disturbed in his private affairs, or his home invaded, without authority of the law.”
Some federal privacy laws even have considerable opt-out requirements, which is similar, but not as harsh, as Nevada’s law. This essentially requires that individuals specifically “opt out of commercial dissemination of personally identifiable information.”
As the U.S. continues to work towards better online privacy and data protection, the safety of individuals’ information is still at risk. One way to keep your data safe in the meantime is with Ghostery. As a privacy company, we work to keep people’s online presence safe and free from third-party trackers. The Ghostery Browser Extension allows users to see the ads and trackers on a website and decide which ones they want to block or allow while online. Online privacy is a necessary right, and we believe it should be emphasized within our products and within our country.