Congress is in recess for the rest of the summer, leaving unfinished a national privacy law that many thought could pass this session. Because it was not passed before the August recess, its chances of passage may be lower than thought: once back this fall, Congress is likely to focus on midterms rather than on difficult policy issues.
The bill enjoys more, and more bipartisan support than prior efforts to craft national privacy legislation, but it still faces significant roadblocks. Chief among them are that it grants a "private right of action" for aggrieved individuals to sue companies directly for privacy violations; and that it would override existing state legislation with a single set of privacy standards -- a set that some consumer advocates think is laxer than the existing state laws.
WHY IT MATTERS
Congress has repeatedly failed to deal with consumer data privacy as a national issue. It is a complicated issue and requires placating many different constituencies. This makes the US an outlier among western economies: Australia, Canada, and the EU (to name a few) all have national privacy laws.
A single standard across the country would, potentially, make compliance easier by reducing the number of rules applicable to privacy matters. On the other hand, it also could complicate business greatly by requiring more and more companies to comply, and by empowering consumers to exercise some say-so over their personal data. For now, however, US businesses remain subject to the patchwork of state and international laws that continue to proliferate while Congress debates the issues.