The United States' Need for Federal Preemptive Privacy Legislation

In the current race for technological innovation, companies are striving to be the best and most prominent in the industry. A major way companies are setting themselves apart is through personalized experiences for their customers, so they have a huge incentive to collect consumer information. Consumers have limited knowledge of how much information companies collect and what goes on behind the scenes. Therefore, it is becoming extremely important to ensure companies are held accountable for upholding consumers’ right to privacy. One way this can be done is through the implementation of privacy legislation. The United States has not yet enacted federal preemptive privacy legislation, so this thesis examines the feasibility of enacting such legislation using the European Union’s GDPR as a model. California’s current state-level privacy law, the CCPA, is compared to the GDPR to determine the elements of a successful privacy law and find that the CCPA has many problems, most of which are solved by the GDPR. Because of this, it is concluded that it is necessary for the United States to adopt federal privacy legislation which would be most successful if the GDPR was used as a foundation.