SuperCitizen
civic os · v1.0
Your Position22%Your Streak04
Today’s BriefNew Chat

Issues · data-privacy-law · Technology & data

Federal data privacy law

Whether and how the U.S. should enact comprehensive federal privacy legislation — currently a patchwork of state laws (CCPA, others) and sectoral federal rules (HIPAA, GLBA, COPPA).

Discuss with AI →

The U.S. lacks a comprehensive federal privacy law. Sectoral laws cover medical (HIPAA), financial (GLBA), education (FERPA), and child (COPPA) data. State laws — California Consumer Privacy Act/CPRA, Virginia, Colorado, Connecticut, others — create a growing patchwork.

The American Privacy Rights Act (APRA), the latest federal-bill effort, would establish baseline rights (access, correction, deletion, portability), data-minimization requirements, and limits on targeted advertising. It has stalled over preemption (whether to override state laws) and private-right-of-action questions.

Key debates:

  • Preemption: Federal floor, ceiling, or middle-ground that preserves stronger state laws.
  • Private right of action: Whether individuals can sue, or only enforcement by AGs / FTC.
  • Special categories: Biometric data, location, health data outside HIPAA.
  • Children's privacy: COPPA modernization, age-verification rules.

Spectrum of framings

How adherents on each side of the conventional left / center / right spectrum frame this issue — written so each camp would recognize the framing as charitable.

left

Progressives favor strong federal privacy law with private right of action and floor preemption.

center

Most centrists favor federal privacy law; debates over preemption and private right of action are central.

right

Conservative views vary: some favor federal privacy law with broad preemption; others favor state-led approach.

Perspectives

Each perspective is presented in terms its advocates would recognize, with the concerns they treat as paramount. None is endorsed.

  • Strong-federal-privacy advocates

    Personal data is collected and traded with virtually no consumer control. A strong federal law with private right of action — like APRA — gives Americans the rights European citizens have under GDPR.

    • Comprehensive data rights
    • Private right of action
    • Closing patchwork gaps

  • Preemption-focused advocates

    A strong, preemptive federal law replaces a costly state-by-state patchwork. Without preemption, businesses face compliance complexity that small companies can't afford.

    • Federal preemption
    • Compliance simplicity
    • Small-business burden

  • State-led / minimal-federal advocates

    States are doing the work. Federal preemption would weaken protections in California and other strong-protection states. Let the states lead and Congress fill specific gaps.

    • State protection floors
    • Federalism in privacy
    • Avoiding watered-down federal law

Voices on this issue5

Commonly-cited public figures who have taken a position on this issue. Grouped by their conventional left/center/right lean. Tap a voice to see their full position record.

left1

center2

right2

Discuss this issue with the Coach →