In this unique year of 2020, the significant milestone in the area of privacy and protection of personal data in the United States of America (USA) remains undoubtedly the CCPA - California Consumer Privacy Act, which started to protect the citizens of the State of California against commercial use of their personal data without their consent. But does privacy and protection of personal data in the US come down to the CCPA only?
Of course not! In fact, the form of federalist state adopted by the USA, with autonomy granted to each of the states, made the issue quite complicated. While Articles 21 to 24 of the Brazilian Federal Constitution of 1988 established the powers of entities, exclusive or concurrent, state autonomy is considerably greater in the USA. This complexity is illustrated in the map below, prepared by the International Association of Privacy Professionals (IAPP), which gives an updated impression of how the issue of privacy and protection of personal data is currently being addressed across the different US states:
According to this map, there are different privacy and data protection laws in California, Nevada, and Maine.
There are bills under discussion in Washington, Arizona, New Mexico, North Dakota, Nebraska, Texas, Louisiana, Iowa, Minnesota, Wisconsin, Illinois, Mississippi, Florida, South Carolina, Virginia, Maryland, New Jersey, New York, Connecticut, Massachusetts, and New Hampshire. Another state that also had a bill on the subject was Pennsylvania, but it has been discontinued, with no progress.
Therefore, half of the 50 American states are already addressing the issue of the privacy and protection of personal data.
In another interesting initiative, IAPP and the Westin Research Center prepared the table below, which provides a comparative view of the clauses in the wide variety of bills in process, considering the right of the data subject and the obligations of business:
However, it is essential to note that Americans have approached privacy and the protection of personal data with a focus on consumer relations.
In a future article, we will discuss privacy laws in Nevada and Maine, as we have already done so with respect to the CCPA in the state of California.
For those who wish to go deeper into the topic, we even recommend affiliating with IAPP, in order to have access to training and receive routine updates on the evolution of this issue.