Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Comments are moderated and will not appear until the moderator has approved them.
Please submit appropriate comments. Inappropriate comments include content that is abusive, harassing, or threatening; obscene, vulgar, or profane; an attack of a personal nature; or overtly political.
In addition, no off-topic remarks or spam is permitted.
Data Privacy Legislation: Stuck on Pause?
How did you celebrate National Data Privacy Day on January 26? Oh, that celebration didn't make it onto your social calendar? Almost three years ago, I asked on this blog whether a federal privacy law would be passed in 2019. The short answer is no. Nor did a data privacy law pass in 2020 or 2021, despite numerous attempts by sponsors of both political parties. Some of the proposed bills provided comprehensive consumer protections for a business's use of personally identifiable information (PII). Others targeted specific elements of data privacy, such as requirements for businesses to protect data they collect or to notify customers in the event of a data breach.
It was thought that the European Union's passage of the General Data Privacy Regulation, or GDPR, which took effect in 2018, would spur federal activity in the United States. That same year, the state of California passed its comprehensive privacy law, the California Consumer Privacy Act. Some expected that Congress would head off state initiatives by passing federal laws to provide a consistent set of rights and responsibilities for all stakeholders. In the 117th US Congress, 30 data privacy/protection bills have been introduced, 12 in the House of Representatives and 18 in the Senate. Primary points of political disagreement have centered around preemption of state law and a private citizen's right to bring action against the offender rather than the enforcing governmental agency. No bill including either of these provisions has received bipartisan support. Social media platforms and their use of personal data have come under congressional scrutiny on several occasions over the last year with no formal action resulting from those hearings.
With little movement on the federal front, two states—Virginia and Colorado—followed California's lead in passing a comprehensive data privacy/protection law in 2021. Mississippi and Vermont recently introduced comprehensive data privacy legislation. Many other states have introduced some form of data privacy legislation addressing specific types of data such as healthcare or specific classes of people such as minors. The International Association of Privacy Protection provides an excellent source for tracking federal and state privacy legislation and news about data privacy issues.
We will continue to monitor developments on this important issue. In the meantime, place a candle in your choice of dessert, change your password, and have a belated celebration of National Data Privacy Day.