Why We Won’t See a Federal Privacy Law Before 2020


There is no shortage of proposed privacy legislation at the Federal level (see the chart below), but nothing is moving from committee. Why?

Primarily, political momentum for privacy issues appears limited before the 2020 presidential election. We still do not know how privacy breaks down in the electorate; in other words, nobody knows if being a privacy champion will help one get elected. That may be why politicians are willing to introduce bills and trash Mark Zuckerberg in hearings, but bills still languish in committee.

No Shortage of proposals for a Federal Privacy Law…

Further, the FTC does not want broad rule-making responsibility. In several hearings, FTC staff has reiterated that they want only targeted rule-making authority. So, while the FTC might want to weigh in on what “consent” or “opt-in” mechanisms should look like, it does not want to decide what privacy rights consumers should have at the Federal Level.

Understandably, large tech companies are in no hurry to push a bill through and individual rights groups will not accept watered-down bills. Both groups recently clashed in Washington state, where a GDPR-like bill passed the house and the Big Tech-sponsored SB-5376 died in the senate.

 SB-5376’s provisions imply that Big Tech has yet to come around to the importance of consumer privacy. For example, the bill included a right for consumers to delete their information from company databases, but only if the company could not demonstrate a business purpose for keeping it; hardly a right to be forgotten. Incredibly, SB-5376 also included a provision making it lawful to use facial recognition technology in public places by placing signs around the area.

The battle in Washington could be a preview of the debate at the Federal level. Other key issues will likely include:

-       The definition of personal information, and whether it includes browsing data

- The level of consent required by consumers for collection of personal information (opt-in vs. opt-out)

-       Individual rights of action (similar to the breach right of action in the California Consumer Privacy Act)

-       Whether Big Tech can continue to sell aggregate consumer information

-       How to implement consumer rights requests across the data ecosystem

-       How all of the above applies to valuable data like biometrics, child data, etc.

 Inertia on Federal privacy legislation will persist until someone is willing to risk political capital to bring a bill out of committee. With other social issues drawing attention ahead of the 2020 election, however, we may have to wait some time before we see a serious debate in Congress.


Are you preparing to comply with the CCPA or another privacy law? Contact SK&S privacy attorney Thomas Codevilla at Codevilla@skandslegal.com or 720-608-4799. Thomas has extensive experience in CCPA, GDPR, and COPPA compliance.

Thomas Codevilla