After years of trying, Congress has a privacy bill in draft form that many industry observers think may have a shot at passage. It has support from both houses and both parties -- a sign of the strong desire to enact federal law on the issue -- and will come up for debate in the House today. The bill would, among other things, preempt most state laws on privacy and allow consumers to enforce it via a private right of action (i.e., they can sue companies that violate it). Industry is divided on whether federal legislation in this area would be a good thing: the US Chamber of Commerce suggests that the current bill is "unworkable," but some tech company executives including Tim Cook of Apple appear to support it.
Why It Matters
If done well, a single federal standard for how companies should handle personal data could make life easier for corporate America. There would be only one primary standard for what is private and what duties a company has with respect to that private data. Other laws such as copyright and patent function well with only a single federal standard and no competing state standards that vary the requirements. Privacy is an enormous issue for regulators outside the US, and large US companies cannot remain competitive globally unless they observe and respect privacy rules and norms. This increasingly affects smaller companies too, as privacy commitments expand in all directions through the supply chain.
A national private right of action, however, could potentially be an explosive area of litigation -- and the threat of litigation could muddy the waters more than clear them. Furthermore, Congress has a difficult time with high tech issues, which are complex and fast-evolving. That makes them difficult to regulate well.