The March 2023 Congressional hearing dedicated to privacy signaled that the discussion of a federal U.S. data privacy bill will still be in-play this year. 

Despite the fact that data privacy is considered an issue with wide bi-partisan support, a few key factors impact the progress of this bill in particular:

• California, which has already made significant progress on implementing data privacy restrictions, sees the language in this federal bill as a step down compared to its regulation, given that the federal bill would act as a ceiling on the states' abilities to regulate, instead of a floor.
• Many, however, prefer the current approach because it goes further in addressing information sharing, rather than just collection. It also creates a standardized approach so that businesses aren't forced to adapt to the states' one-off choices instead of having comprehensive guidance in place. By comparison, the EU's GDPR legislation provides a framework that's readily understood, even if not widely supported.
• The current federal bill extends civil rights protections to those in protected groups so they have a course of action they can take if their data is used for the purposes of discrimination. California's legislation is weaker on these fronts. While this should be a reason to support the federal framework rather than California's, the most controversial component to these federal protections is that individuals can sue businesses for violations under the private right of action components.

Europe is further ahead in implementing privacy protections than the U.S. is, given the EU's passage of General Data Protection Regulation (GDPR) in 2016. Contextually, Europe understands to an extreme level what it means when data privacy is violated, considering its experiences in data being used to aid war crimes during WWII and via the Secret Police.

The U.S. is far behind in addressing these dangers of data collection at-scale. Despite the inconvenience of what privacy law means for business, it's important to bear in mind the context of where this all comes from and why it matters.

All told, it will likely be Republicans that push for federal-level privacy protections, based on a range of their own agendas.

Regardless of whether U.S.-based organizations end up having to comply with regulation, we need to bear in mind that the technology systems and companies we rely upon -- Google, Apple, Meta, etc. -- already have to factor it in because of the constituencies that THEY serve.

And if they're smart, they'll keep pushing privacy as part of their brand-protection strategies -- again, based on a range of their own agendas.

That trickle-down impact is what we're already feeling. And that total lack of accountability is what we should truly be hedging against.

--

Take next steps to be prepared for the impact of privacy from both the legislative and tech response perspectives. 

• Get customized support for your team.
• Take my online course to help practitioners understand the steps to take right now.