Federalism and Privacy: Charting the Path for U.S. Data Protection Laws


The EU GDPR strives to centralize regulatory authority for data privacy and protection for all European citizens. In the United States, adopting GDPR at the federal level would significantly restrict states' ability to enact their own regulations and shape their own data protection policies tailored to the areas of concern that align with the dominant industries in their own state. Some states have adopted policies that more closely align to GDPR to ensure their personal data is handled responsibly. For example, similar to the GDPR, the California Consumer Privacy Act includes additional provisions that allow residents to opt out of the sale of their information to third parties(Cookieyes, 2024). When other countries and states interact with California residents, they must adhere to CPPA guidelines, providing Californians with additional privacy protections not offered by other states. This approach protects local innovation while also protecting consumers' privacy rights.


As someone deeply committed to privacy, I advocate for strong data privacy protections for all Americans. I value my own privacy to the extent that my discussion posts do not include my last name. I believe that while it is essential to uphold data privacy as a fundamental right, the methods to achieve it should align with our national values. Further, different local economies may require varying policies to protect different areas of concern. While the United States has not adopted a federal approach to data privacy, it has included many additional industry specific policies that the GDPR lacks, such as HIPAA, FCRA, GLBA, COPPA (Klosowski, 2021).


During the recent COVID-19 pandemic, discussions around vaccine mandates raised significant data privacy concerns, especially regarding the tracking and handling of health data. The repercussions for healthcare professionals, coupled with emerging data on vaccine safety, highlight the complex interplay between public health measures and individual rights (Saunders, 2024) (Hippisley-Cox et al., 2021). Sometimes federal measures for the good of all require data to be revealed to ensure compliance that individuals should retain the right to keep private. An approach that manages data privacy at the state level protects Americans from federal overreach in areas that concern data privacy compliance.


While my desire to protect others and retain my own privacy pushes me to adopt the EU GDPR in the name of civil rights and setting limitations on corporate greed to protect all citizens, I would like to see the federal government provide incentives for states to develop their own policies that protect our citizens. I believe we can find a middle ground where we retain our freedom to choose as individual states while also providing stronger data privacy policies for additional protections for all Americans.


References


Cookieyes. (2024). CCPA vs GDPR. What’s the Difference? [With Infographic]. https://www.cookieyes.com/blog/ccpa-vs-gdpr/#:~:text=CCPA%20vs%20GDPR%3A%20Which%20is,is%20specific%20to%20California%20residents.


DataSunrise. (2024). Nevada Privacy Law Compliance. https://www.datasunrise.com/data-compliance/nevada/


Fieldfisher. (2023). Comparison of US state laws vs GDPR [PDF document]. https://res.cloudinary.com/fieldfisher/image/upload/v1677673010/PDFs/Comparison_of_US_State_Laws_vs_GDPR_gbgoht.pdf


Hippisley-Cox, J., Patone, M., Mei, X. W., Saatci, D., Dixon, S., Khunti, K., Zaccardi, F., Watkinson, P., Shankar-Hari, M., Doidge, J., Harrison, D. A., Griffin, S. J., Sheikh, A., & Coupland, C. A. C. (2021). Risk of thrombocytopenia and thromboembolism after covid-19 vaccination and SARS-CoV-2 positive testing: Self-controlled case series study. BMJ, 374, n1931. 

https://doi.org/10.1136/bmj.n1931


Klosowski, T. (2021). The State of Consumer Data Privacy Laws in the US (And Why It Matters). Wirecutter. https://www.nytimes.com/wirecutter/blog/state-of-privacy-laws-in-us/

Pop, C. (2023, November 15). EU vs US: What Are the Differences Between Their Data Privacy Laws?. Netwrix. 

https://www.endpointprotector.com/blog/eu-vs-us-what-are-the-differences-between-their-data-privacy-laws/


Saunders, J . (2024). AstraZeneca withdraws Covid vaccine worldwide after admitting jab can cause rare blood clots. https://www.msn.com/en-us/health/other/astrazeneca-withdraws-covid-vaccine-worldwide-after-admitting-jab-can-cause-rare-blood-clot/ar-BB1lZszR

Comments

Post a Comment

Popular posts from this blog

SalonAboutBeauty: Less Integration for Consistent Styling Across Components

Ensuring Consistent Variables Less provides several advantages for organizing CSS to ensure consistency across a website. The variables.less file defines reusable properties that allow a developer to easily communicate and maintain styles according to a style guide or theme.  The Less Web Development Cookbook describes properties in the variables.less file in relation to other programming languages: “Variables in Less are defined as the equivalent to statics in other programming languages. You assign a value to a variable once and use it everywhere in your code” (Meyghani & Jobsen, 2015, p. 50). It suggests that less allows a developer to set properties, such as colors and length, to variable names that retain their meaning and can be used everywhere in the code. Examples: @base-color: red, @primary: green.  By providing these definitions in a central location, developers create code consistency in all areas of the website. Creating an Organized File St...
Read more

Why “Human Error” Is Usually a System Design Problem

In complex systems, failure rarely comes from a single bad decision. It comes from problems that evolve slowly, cross boundaries, and remain unresolved while everyone involved behaves reasonably. Managing risk in these environments means managing trajectories, not just incidents. When ownership is divided strictly by role, function, or severity threshold, gaps are inevitable. Those gaps are where issues linger, age, and quietly accumulate risk, not because they were ignored, but because no one was responsible for carrying them forward end to end. This is common in healthcare, where delay is often necessary. A patient may require observation, referrals, or time to clarify diagnosis. The failure is not that care takes time; it is that the trajectory of care becomes fragmented. Each clinician escalates correctly within scope, yet no one owns the evolving picture across visits, domains, and decisions. The patient is evaluated repeatedly, reassured locally, and sent away without continuity ...
Read more

Challenges in Prosecuting Deep Web and Darknet Crimes: The Case of Ross Ulbricht and the Silk Road

  The deep web represents online information that is not easily accessible through search engines. Prosecuting crimes on the deep web is no more challenging than prosecuting crimes for any standard website because law enforcement can still track the user's location through a domain or IP address. Alternately, the darknet poses a challenge for law enforcement to address illicit activity because while the darknet is a web-based system, it is accessible only through the Tor protocol that encapsulates HTTP and HTTPS traffic, much like a VPN that hides a user’s location and identity. The Tor protocol, often called the Onion Router, contains methods for encrypting and routing traffic between peers. The purpose of the Tor protocol is to make web browsing anonymous by routing each request through multiple peers and altering encryption at various steps until the request reaches its destination. Subsequent requests may hop through different peers, making traffic appear random, unpredictable,...
Read more