In 2000, Malcolm Gladwell ignited a revelation about societal change with his electrifying concept of ‘The Tipping Point’. Fast forward to 2023, and it’s clear that Data Privacy in the United States has fallen headlong into a Tipping Point of its own. It’s a Data Privacy challenge requires immediate attention, especially in eCommerce.
In 2023 alone, Five states have already enacted new Data Privacy laws, and the year’s end isn’t even in sight. This gone from a gentle wave to a tsunami in a few months.
The Superstorm
Prior years witnessed substantial activity in Data Privacy legislation, but the laws always seemed to be unable to pass the various state legislatures. But 2023 stands as a hurricane of unprecedented victories. What has unfolded is a dynamic portrait of legislative revolution. A sprinkling of US states initiated their legislative sessions post-election, creating a map dotted with burgeoning aspirations for change. Despite early setbacks by lobbyist onslaughts, these legislative ambitions advance and began passing in quick succession, igniting a spark of transformation across states, irrespective of political color.
The first domino fell on the farmland of Iowa in mid-March. Next went Indiana in the East, then North in Montana, and finally South to Tennessee, all in a whirlwind month of April. Montana and Tennessee, in a twist of legislative fate, enacted their comprehensive laws on the very same day. And the wave wasn’t done yet — Texas was teetering and then passed their lay on May 28th after their privacy law ran through the legislative gauntlet.
This unexpected legal superstorm demonstrates the urgency for Data Privacy action by companies as well.
Forces At Play
Two forces are at work here, akin to the David and Goliath dynamic – a nod to Gladwell’s analogy. On one hand, state lawmakers, our Davids, decided it was time to actualize their long-held privacy ambitions. On the other hand, we see the absence of our Goliath – a federal privacy legislation.
In the absence of federal action, states are standing up, declaring that they won’t wait any longer. “We’re moving because the U.S. Congress won’t,” or “We’d prefer the feds to handle this, but we can’t wait.” These statements are not mere complaints, they were a battle cry for action.
Even though the proposed American Data Privacy and Protection Act (ADPPA) has stirred Congress into more action than ever before, state legislators remain skeptical. In this vacuum, they’re carving out their own privacy laws, defiantly proclaiming, “If you won’t, we will.”
Unique Approaches to Privacy
These laws aren’t carbon copies, though. They each bring something unique to the table. Tennessee’s law, for instance, includes provisions tied to recognized privacy standards, offering organizations a route to avoid violations if they can prove compliance. It’s an innovative approach, pushing the boundaries of what we consider traditional privacy laws.But these aren’t mere duplicates. They come with their own flavors, their own twists. Take Tennessee, for example. Its law contains provisions tied to established and recognized privacy standards, allowing organizations to dodge alleged violations if they can prove compliance with these standards. It’s a novel idea, an outlier among privacy laws, and just the kind of audacious move that pushes boundaries.
And yet, within this change lies a pattern. The National Institute of Standards and Technology Privacy Framework, an established standard mentioned in Tennessee’s law, had already made its appearance in an Ohio state privacy law proposal the previous year. The notion of recognizing a mature sectoral privacy ecosystem, where businesses have poured billions into privacy compliance, is gaining ground.
And while these laws are varied, they also follow a trend. They recognize an emerging privacy ecosystem, where businesses have invested heavily in privacy compliance.
The Tipping Point is in Motion
This evolution signifies a complex interplay of influence and power. Lobby groups, despite their familiar tones, are subtly shaping the new landscape. They’re influencing legislative decisions, setting the stage for what’s to come.
In the throes of this dramatic transformation, it’s evident – the world of privacy is experiencing its own Tipping Point. From Iowa’s unlikely spark to Texas’s fierce stand, this wave of privacy laws is redefining our understanding of Data Privacy. As Malcolm Gladwell noted, it’s these unexpected tipping points where true change begins to emerge.
Businesses, regulators, and stakeholders mustn’t ignore this call. Data Privacy issues now demand urgent and proactive action. As we witness this rapid transformation, we need to take a step back and ask – are we ready for this change?
Enacted State Comprehensive Privacy Laws
Only includes laws with comprehensive approaches to governing the use of personal information.
California Consumer Privacy Act
(effective 1 July 2023)
(effective 1 July 2023)
(effective 1 Jan. 2026)
(effective 1 Jan. 2025)
Montana Consumer Data Privacy Act
(effective 1 Oct. 2024)
(effective 1 July 2024)
(effective 31 Dec. 2023)
(effective 1 Jan. 2023)
Discussion
Related Posts
If you enjoyed reading this, please explore our other articles below: