Many state privacy laws fail to protect consumer data, report finds

A report by the Electronic Privacy Information Center and U.S. PIRG Education Fund has found that nearly half of all state data privacy laws fail to protect consumer information adequately, with some weakening existing safeguards, according to The Record, a news site by cybersecurity firm Recorded Future.

Eight of the 19 states with consumer privacy data laws that were evaluated by the two organizations were deemed ineffective. Seventeen states received a C+ or lower in the assessment, with none earning an A, indicating widespread shortcomings in consumer privacy protections. The study stressed that many state privacy laws are based on industry-drafted templates that allow companies to collect and use consumer data with minimal restrictions.

Maryland and California were the only states recognized for strong privacy protections, with Maryland’s law imposing strict limits on data collection, banning targeted advertising to minors, and prohibiting sensitive data sales. Lawmakers in Vermont, Massachusetts, and Maine are working on similarly comprehensive legislation. The report emphasized that effective privacy laws should minimize data collection, regulate sensitive data use, prevent profiling, and include strong enforcement mechanisms.