The growing patchwork of state privacy laws is confusing consumers and having a chilling effect on our economy, especially for small businesses that are struggling to keep up with an ever-changing compliance landscape. Resources that could go towards innovation and job creation are instead being spent on compliance costs and legal bills. Since 2018, 46 states have introduced 182 different, often conflicting, privacy laws. Ten states have enacted their own privacy law.
Now is the time for Congress to Act.
KEY STATS

86 percent of Democrats and 81 percent of Republicans said Congress should make privacy a “top” or “important” priority. (Morning Consult, 2021)
The average privacy spend of small businesses (50-249 employees) is $2 million, up from $1.1 million in 2020. (Cisco, 2023)
Since 2018, 182 comprehensive privacy bills have been considered across 46 states.
In 2023, 59 comprehensive privacy bills have been filed across 27 states.
10 states have enacted comprehensive privacy bills: California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Tennessee, Utah, and Virginia.
Failure to pass a federal privacy law would cost our economy more than $1 trillion over 10 years, with more than $200 billion being paid by small businesses. (ITIF, 2022)
The enactment of the California Consumer Privacy Act (CCPA) in 2020 has resulted in nearly 200 lawsuits involving companies that sell to customers in California despite being located elsewhere. (ITIF, 2022)
The California Consumer Privacy Act created a $78 billion annual economic burden on the U.S. economy. (ITIF, 2022)
MUST WATCH
Now is the Time for a Federal Privacy Law
Industries are United for Privacy
Why Do We Need a Federal Privacy Law?
Lawmakers Agree: Protecting Privacy is a Priority
Why Do We Need a Federal Privacy Law?
A Federal Privacy Law Has Bipartisan Support
“The potential of a patchwork of state laws on data privacy is very real and the confusion that it would cause for consumers. I do not see where it would help build trust and confidence that individuals and consumers would believe that their personal data privacy is being protected. For companies, a patchwork of laws is really impossible. The potential for conflict in what the law and standards are from state to state makes it impossible for companies to operate when we all recognize that the internet doesn’t have any boundaries.”
____________________________________
Rep. Cathy McMorris Rodgers (R-WA), Chair of the House Energy and Commerce Committee
"Every American knows it is long past time for Congress to protect their data privacy and security. The modern world demands it. The American Data Privacy and Protection Act meets the moment with essential compromises that protect consumers while ensuring American businesses remain innovative and globally competitive. There is no time to wait on protecting Americans' privacy and data security and providing certainty to American businesses."
_________________________________
Rep. Frank Pallone (D-NJ), Ranking Member of the House Energy and Commerce Committee
"With the recent increase in cyberattacks on our nation’s critical infrastructure and the ongoing efforts to expand internet services to every American, the need for federal privacy legislation is imperative. We risk losing consumers’ confidence in the internet marketplace and undermining our national security and technological leadership abroad without a federal privacy law."
____________________________________
Sen. Roger Wicker (R-MS), Ranking Member of the Senate Commerce, Science, and Transportation Committee