Regulating Data: The Material Scope of American Consumer Data Privacy Law

76 Pages Posted: 2 Mar 2024 Last revised: 12 Apr 2024

See all articles by Bryce Clayton Newell

Bryce Clayton Newell

University of Oregon - School of Journalism and Communication

Nadezhda Purtova

Utrecht University, Law School

Young Eun Moon

Arizona State University

Hugh J. Paterson III

University of North Texas

Date Written: March 1, 2023

Abstract

This article is the first to compare the material scope of several comprehensive consumer data privacy (or data protection) laws enacted recently in the United States, both with each other and with the European Union’s General Data Protection Regulation (GDPR). Our comparative analysis covers five broad state consumer data privacy laws enacted and in effect as of the end of 2023, specifically those adopted in California, Virginia, Colorado, Utah, and Connecticut. We contrast these against each other and the GDPR. We compare how each of these laws define and scope their subject matter (e.g., what constitutes “personal data”), how they define data subjects, what amounts to data processing, and which entities are obligated to respect the data subjects’ rights provided by these laws. We demonstrate how the existing state laws are more limited in most respects than the GDPR, and how their framing as consumer protection laws significantly limits their applicability and restricts their ability to adequately address the broad range of data privacy problems that confront contemporary society. Drawing on neorepublican political philosophy, we argue that most of these laws generally fail to adequately constrain commercial data markets in many contexts and that they also fail to address the problem of law enforcement agencies acquiring personal information from the commercial sector—ultimately raising concerns about domination and the potential for uncontrolled interference by both corporate and state interests in the private lives of the data subjects who ostensibly acquire rights under the these laws. In the end, most of these “comprehensive” consumer data privacy laws at the state level in the US do little to reign in corporate and state power to collect and use personal data in many contexts and represent a missed opportunity to provide much more significant protections for individual data privacy rights in the United States.

Keywords: data privacy, data protection, GDPR, CCPA, privacy, privacy law, material scope

Suggested Citation

Newell, Bryce Clayton and Purtova, Nadezhda and Moon, Young Eun and Paterson III, Hugh J., Regulating Data: The Material Scope of American Consumer Data Privacy Law (March 1, 2023). University of Pennsylvania Journal of International Law, Forthcoming, Utrecht University School of Law Research Paper, Available at SSRN: https://ssrn.com/abstract=4338049

Bryce Clayton Newell (Contact Author)

University of Oregon - School of Journalism and Communication ( email )

Eugene, OR
United States

Nadezhda Purtova

Utrecht University, Law School ( email )

3508 TC Utrecht
Utrecht
Netherlands

Young Eun Moon

Arizona State University ( email )

Hugh J. Paterson III

University of North Texas ( email )

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
53
Abstract Views
183
Rank
686,128
PlumX Metrics