Settling Data Protection Law: Multistate Actions and National Policymaking
51 Pages Posted: 16 Apr 2020
Date Written: April 15, 2020
The state of data privacy and cybersecurity law in the United States is as unsettled as it is unsettling. By failing to pass comprehensive data protection legislation, Congress has settled for uncertainty. And the Federal Trade Commission (FTC), the primary federal agency that oversees data protection, regulates data practices predominately through settlements of enforcement actions. These settlements include corporate structural reforms that become de facto regulations by shaping corporate practices nationwide.
But the FTC is not the only enforcer to regulate data practices via settlement. State attorneys general (AGs) have become increasingly prominent data policymakers. AGs have banded together in multistate enforcement actions in response to high-profile data breaches. Like the FTC, AGs require corporations to undergo structural reforms as terms of multistate settlements. But AGs have charted new paths in multistate settlements, innovating structural reforms and other terms in settlements. These innovations can act as a catalyst to spur the FTC to demand more aggressive structural reforms in their settlements going forward. The future of data regulation will likely be shaped by more aggressive federal and multistate enforcement settlements.
And that is unsettling. Scholars, courts, and commentators have raised concerns about agencies engaging in regulation by settlement. However, those concerns have not been considered in light of the rise of multistate enforcement actions. Unique attributes of multistate enforcement exacerbate concerns about regulation by settlement and at the same time raise entirely new ones. This Article explores how AGs can continue to play a vital role in data protection policymaking while reducing concerns about regulation via multistate settlement.
Keywords: data privacy, cybersecurity, data protection, Federal Trade Commission, regulation, data breach, multistate settlement, settlement, policymaking, enforcement, attorney general
Suggested Citation: Suggested Citation