After a number of start-and-stop efforts, and an essential halt to the issue brought about by the Covid-19 pandemic and various other ensuing political issues, American lawmakers may once again be ready to seriously take up the idea of a federal privacy law.
US looks to establish first federal privacy law after nearly a half-decade of debate.
Serious discussion of a federal privacy law has been going on since 2018, when members of both sides of the aisle in Congress committed to developing a bipartisan bill in the wake of California’s adoption of its own privacy regulations. Roughly a year of missed deadlines followed before several competing bills were introduced; then the Covid-19 pandemic hit in early 2020, and seemed to sideline the issue for an extended period of time.
This new federal privacy law proposal would apply its full slate of regulation to companies that have earned annual revenues of $41 million over the prior three years, that collect or process the data of over 100,000 people in a year (minus payment processing and certain exceptions for customer requests), or make more than half their revenue from transferring covered data.
Certain exemptions are made for small- and medium-sized businesses that do not meet these thresholds but “collect, process or transfer” covered data. There are also some special rules for “Large Data Holders,” entities with annual revenues of $250 million and that transfer the data of five million people (or the sensitive data of just 100,000).
