Conflicting State Data Privacy Laws May Drive Up Costs for Businesses

data privacy

A hodge-podge of privacy laws across the U.S. threatens to cost businesses more than $1 trillion over the next decade, with at least 20% of that burden falling on small- to medium-sized businesses, according to a report by the Information Technology and Innovation Foundation (ITIF) issued this week. 

The study recommends Congress pass a federal privacy law to preempt states, the Washington, D.C.-based science and technology policy think tank wrote.

Daniel Castro, ITIF’s vice president and co-author of the report, said poorly designed data privacy laws can impose a substantial toll on the economy through compliance costs. 

“When multiple states subject businesses to conflicting privacy laws, they increase these costs that ultimately are passed on to consumers,” he said in a statement. 

Since 2018, researchers reported that 34 states have passed or introduced 72 privacy bills regulating the collection and use of personal data. In addition, the report said such laws create significant compliance costs for businesses and confusion for consumers. 

To illustrate the unfavorable impacts of creating 50 separate state privacy laws instead of a single federal statute from Congress, the ITIF calculated the cost to businesses to meet privacy rules in the state where they are headquartered and other states where they operate. 

Under ITIF’s model, the estimated costs associated with California’s privacy law would be $78 billion annually. That includes $46 billion incurred in state and $32 billion to be paid in other states.  

The 35-page survey concludes that to avoid conflicting laws and unnecessary costs, Congress should quickly enact comprehensive privacy legislation that would cover the country.  

ITIF’s study comes as a review of five U.S. financial regulators responsible for protecting consumers’ personal data revealed four have failed to follow key practices, such as documenting how they minimized collection and use of such data. 

Learn more: Report: Federal Financial Regulators Should Ensure Protection of Personal Data