Regulating the Data Market: The Material Scope of American Consumer Data Privacy Law

Abstract

This article is the first to compare the material scope of several comprehensive consumer data privacy (or data protection) laws enacted recently in the United States, both with each other and with the European Union’s General Data Protection Regulation (GDPR). Our comparative analysis covers five broad state consumer data privacy laws enacted and in effect as of the end of 2023, specifically those adopted in California, Virginia, Colorado, Utah, and Connecticut. We contrast these against each other and the GDPR. We compare how each of these laws define and scope their subject matter (e.g., what constitutes “personal data”), how they define data subjects, what amounts to data processing, and which entities are obligated to respect the data subjects’ rights provided by these laws. We demonstrate how the existing state laws are more limited in most respects than the GDPR, and how their framing as consumer protection laws significantly limits their applicability and restricts their ability to adequately address the broad range of data privacy problems that confront contemporary society. Drawing on neorepublican political philosophy, we argue that most of these laws generally fail to adequately constrain commercial data markets in many contexts and that they also fail to address the problem of law enforcement agencies acquiring personal information from the commercial sector—ultimately raising concerns about domination and the potential for uncontrolled interference by both corporate and state interests in the private lives of the data subjects who ostensibly acquire rights under the these laws. In the end, most of these “comprehensive” consumer data privacy laws at the state level in the US do little to reign in corporate and state power to collect and use personal data in many contexts and represent a missed opportunity to provide much more significant protections for individual data privacy rights in the United States.

Citable as

Newell, Bryce Clayton and Purtova, Nadezhda and Moon, Young Eun and Paterson III, Hugh J., Regulating the Data Market: The Material Scope of American Consumer Data Privacy Law (April 22, 2024). University of Pennsylvania Journal of International Law, Forthcoming, Utrecht University School of Law Research Paper, Available at SSRN: https://ssrn.com/abstract=4338049

Tags: Data privacy Data protection GDPR CCPA Privacy Privacy law Material scope
Subject Languages: Latin
Mentioned Languages: Latin
Countries: USA
Content Mediums: Text
Organizations: University of Oregon