Navigating the Patchwork of U.S. State Privacy Laws: A Call for a Comprehensive National Privacy Law

  • Jordan Abbott

    Chief Privacy Officer

Created at August 1st, 2023

Acxiom has long recognized and championed the importance of data privacy and the ethical use of data, especially as it pertains to marketing. We were the first company in our industry to have a Chief Privacy Officer in 1991. While most are now calling for a national privacy law, we were alone in our industry when we called for a national data privacy law in 2004. And in 2018, we called for a national data broker registry. Today, Acxiom honors privacy inquiries and opt-out requests from people nationwide, regardless of whether their state has a law requiring access, deletion, or opt-outs.

As technology advances, the protection of personal information becomes an increasingly crucial aspect of our digital lives. The power and rapid explosion of artificial intelligence (AI) and its increased use in marketing only underscores the importance of establishing guardrails to protect personal data. 

In recent years, even before AI became the hot topic it is today, several U.S. states took the initiative to address privacy concerns by introducing their own comprehensive data privacy laws. California was first, passing the California Consumer Protection Act in 2018. Predictably, other states soon followed. Virginia, Colorado, Connecticut, and Utah subsequently passed their own data privacy laws that, among other things, include the rights to access, correction, deletion, and portability.

This year, the trend accelerated. States like Indiana, Tennessee, and Montana joined the list of approximately 12 states that have enacted comprehensive state data privacy laws. So far, most of the laws passed by the more recent states are similar to those in Virginia, Colorado, and Connecticut, requiring opt-in consent for the collection and processing of certain “sensitive” data, which, in addition to traditionally sensitive information like Social Security numbers and sexual orientation, now includes things like race, ethnicity, and precise geo-location. Unsurprisingly, states with current privacy laws, such as California, are already amending those laws to add compliance obligations.

While commendable, the continued rollout of state privacy laws, each with its own unique elements, presents significant challenges for businesses, highlighting the urgent need for a comprehensive national privacy law with a unified approach that fosters competition and innovation, protects consumers by giving them meaningful rights, recognizes the value exchange that consumers appreciate, and at the same time provides clear avenues for redress when bad actors misuse data.

The Challenges for Businesses

Understanding the changing legal landscape is just one part of the equation.  There are very real business impacts and challenges, including: 

1. Compliance Complexity: With multiple states enacting their own privacy regulations, businesses operating across state lines face the daunting task of navigating varying compliance requirements. This complexity not only strains resources but also creates substantial risk for inadvertent non-compliance, exposing businesses to severe legal repercussions.  In states that have a private right of action for violations, class action attorneys will surely be ready to test the courts’ appetite to enforce new state privacy laws at the expense of the unprepared.

2. Increased Costs: Complying with diverse state laws demands additional resources for things like legal and privacy professionals and compliance technologies. For small and medium-sized enterprises, this can be particularly expensive and burdensome, which results in a diversion of already limited resources, hindering innovation and growth.

3. Inconsistent Consumer Expectations: The lack of a uniform privacy standard leads to inconsistent consumer expectations regarding data privacy and protection. This uncertainty can undermine consumer trust in businesses, adversely affecting customer loyalty and brand reputation.

The Call for a National Privacy Law

Acxiom has been calling for a national data privacy law because we believe it benefits people and businesses, and it’s imperative in a digital economy that is underpinned by data. A comprehensive national privacy law could address the aforementioned challenges and offer several benefits:

1. Streamlined Compliance: A single, standardized privacy framework would simplify compliance efforts for businesses, regardless of their geographical scope. This uniformity would ensure all companies operate under the same set of rules, fostering a level playing field and helping avoid unintended consequences that neither consumers nor brands want.

2. Enhanced Consumer Protection: A national privacy law would provide meaningful consumer rights, providing consistent and robust protections across the country. This includes clear guidelines on data collection, use, and retention, ensuring consumers have greater control over their personal information.

3. Streamlined Redress Mechanisms: The right national privacy law would establish a clear and accessible redress mechanism for consumers in the event of actual harm from privacy violations. This would empower consumers to seek appropriate remedies without facing unnecessary hurdles.

The Way Forward 

The continued rollout of individual U.S. state privacy laws has undoubtedly advanced the conversation around data protection, but it has also brought numerous challenges for businesses. A federally preemptive national privacy law is essential to address these challenges and provide a cohesive and harmonized framework that benefits consumers, brands, and the partners with which they do business. 

While there are well-documented divisions in Congress, a national privacy law can pass with Congressional focus.  Privacy is an area in which there is general bipartisan agreement.  And Congress has passed sweeping privacy regulations before.  As examples, they’ve successfully passed landmark legislation such as the Fair Credit Reporting Act, GLB, CAN SPAM, and HIPAA. If 27 member countries of the EU can agree to the need for and benefits of GDPR, surely Congress can see both the sense of a common privacy law and the feasibility of it.

As a company immersed in the business of harnessing data, ethically, to help brands better understand their customers, we believe that as technology evolves, so must our national data privacy laws. A unified approach is the best way to ensure businesses thrive while protecting people’s rights.

Jordan Abbott is Chief Privacy Officer of Acxiom. He advises key stakeholders on legal, data governance and compliance policy as well as handling government relations, where he provides strategic insight on proposed legislation at the state and federal levels.