by Avi Gesser, Jon Leibowitz, Mathew Kelly, Joseph Kniaz, and Daniel F. Forester

Momentum is building for federal data privacy legislation, in large part due to the passage of the California Consumer Privacy Act (CCPA) (which goes into effect in 2020) and other states enacting or considering their own consumer privacy laws.  These developments have businesses concerned that they will face a patchwork of inconsistent and onerous state privacy laws, which is currently the case with breach notification.  Many leading tech companies, trade groups, and the U.S. Chamber of Commerce have voiced support for a national privacy law.  On top of these domestic considerations, the EU’s General Data Protection Regulation (“GDPR”), a sweeping privacy law that affects many U.S. companies conducting business in the EU, is also now in effect.  Several legislative proposals have been put forward in Congress, and we are starting to see the broad outlines of a potential law.  But for many of the details, there is still nothing close to a consensus.  Here are some of the issues that will likely be the subject of the most intense debate in the next congressional term: Continue reading →