Though Americans want more control over their data, little is being done by the federal government to update regulations. To fill the gaps, other agencies are enacting regulations to provide some solution to the problem.
In spring, 2018, European nations enacted sweeping privacy standards known as the General Data Protection Regulation (GDPR) to enable greater control over how personal information is gathered and used. In the U.S., citizens do not have much say over the matter.
The issue of data privacy is linked to Internet use, making it a component of interstate commerce, a federal regulatory issue upon which Congress has yet to act.
When the California Consumer Privacy Act (CCPA) becomes effective in 2020, residents will: know what personal data is being collected about them; know whether their personal data is sold or disclosed and to whom; be able to opt out of the sale of their personal data; and access their personal data.
In Arkansas, the Chief Privacy Officer ensures that government is not being too heavy-handed with personal data by reviewing all pertinent legislation.
Hurdles to implementing privacy regulations on a state or local level comes from businesses who see the regulations as a burden; lack of expertise in defining and enforcing privacy regulations; uncertainty about legal ramifications; and technical issues.
Summarized from Govtech