Data Privacy

The U.S. Chamber supports a unified national data privacy framework to protect consumer data, promote transparency, and provide regulatory certainty in the marketplace.

Ensuring Business Innovation While Protecting
Consumer Privacy

Consumers deserve to have their privacy protected, and businesses need certainty to provide the best products and services, including those specifically designed to improve public health and promote economic recovery. Data knows no boundaries, as information constantly crosses state lines among hundreds of millions of Americans.

A patchwork of state privacy laws that employ differing or conflicting approaches threatens to hinder America’s technological leadership. Companies, particularly small businesses, would face unprecedented uncertainty as to which laws apply and how to comply with potentially conflicting laws. For consumers, confusion weakens an individual’s ability to exercise their rights.

That’s why the U.S. Chamber supports the passage of national privacy legislation that protects all Americans equally, and provides more assurance for consumers and businesses alike.

The 10 Principles of Data Privacy

A Nationwide Privacy Framework

Consumers and businesses benefit when there is certainty and consistency with regard to regulations and enforcement of privacy protections. They lose when they have to navigate a confusing and inconsistent patchwork of state laws. While the United States already has a history of robust privacy protection, Congress should adopt a federal privacy framework that preempts state law on matters concerning data privacy in order to provide certainty and consistency to consumers and businesses alike.

Privacy Protections Should be Risk-Focused and Contextual

Privacy protections should be considered in light of the benefits provided and the risks presented by data. These protections should be based on the sensitivity of the data and informed by the purpose and context of its use and sharing. Likewise, data controls should match the risk associated with the data and be appropriate for the business environment in which it is used.


Businesses should be transparent about the collection, use, and sharing of consumer data and provide consumers with clear privacy notices that businesses will honor.

Industry Neutrality

These principles apply to all industry sectors that handle consumer data and are not specific to any subset of industry sectors. These principles shall be applied consistently across all industry sectors. The United States Chamber of Commerce believes that consumers benefit from the responsible use of data. Technology and the data-driven economy serve as the twenty-first century’s great democratizer by empowering and enabling increased access to educational, entrepreneurial, health care, and employment opportunities for all Americans.


Technology evolves rapidly; laws and regulations should focus on achieving these privacy principles. Privacy laws and regulations should be flexible and not include mandates that require businesses to use specific technological solutions or other mechanisms to implement consumer protections. A federal privacy law should include safe harbors and other incentives to promote the development of adaptable, consumer-friendly privacy programs.

Harm-Focused Enforcement

Enforcement provisions of a federal data privacy law should only apply where there is concrete harm to individuals.

Enforcement Should Promote Efficient and Collaborative Compliance

Consumers and businesses benefit when businesses invest their resources in compliance programs designed to protect individual privacy. Congress should encourage collaboration as opposed to an adversarial enforcement system. A reasonable opportunity for businesses to cure deficiencies in their privacy compliance practices before government takes punitive action would encourage greater transparency and cooperation between businesses and regulators. In order to facilitate this collaboration, a federal privacy framework should not create a private right of action for privacy enforcement, which would divert company resources to litigation that does not protect consumers. Enforcement authority for a federal privacy law should belong solely to the appropriate state or federal regulator.

International Leadership

Congress should adopt policies that promote the free flow of data across international borders for consumer benefit, economic growth and trade. A national privacy framework will bolster continued U.S. leadership internationally and facilitate interoperable cross-border data transfer frameworks.

Encouraging Privacy Innovation

Incorporating privacy considerations into product and service design plays an important role and benefits all consumers. A national privacy framework should encourage stakeholders to recognize the importance of consumer privacy at every stage of the development of goods and services.

Data Security and Breach Notification

As part of a national privacy framework, Congress should include risk-based data security and breach notification provisions that protect sensitive personal information pertaining to individuals. Keeping this information secure is a top industry priority. Security is different for individual businesses and one-size-fits-all approaches are not effective; therefore, companies should have flexibility in determining reasonable security practices. Preemptive federal data security and breach notification requirements would provide consumers with consistent protections and would also reduce the complexity and costs associated with the compliance and enforcement issues resulting from different laws in the 50 states and U.S. territories.

Recent Activity

Press ReleaseMar 29, 2021 - 10:00am

U.S. Chamber Announces State and Local Policy Initiative to Promote Effective State Policies

“From data privacy to worker classification to discriminatory taxes to energy regulation, increasingly, policy issues of significant importance to the business community are migrating from statehouse to state house and from the federal government to state governments and vice-versa," said Tom Wickham, Senior Vice President for State and Local Policy at the U.S. Chamber of Commerce. “Many of these policies have outsized impact on the national economy and even local governments are considering policies that have implications well beyond their borders. This new initiative will improve strategic coordination, collaboration, and information sharing to help advance pro-business policy and stop policy that undermines the free enterprise system and job creation, irrespective of where those policies are under consideration.

EventMar 16, 2021 - 2:00pm to 3:00pm
CTEC Event Digital Transformation: Modernizing Government for the Challenges Ahead

Digital Transformation: Modernizing Government for the Challenges Ahead

C_TEC will be setting the IT modernization agenda through high-level discussions with policymakers, industry leaders, and influencers.

Press ReleaseMar 10, 2021 - 12:45pm

U.S. Chamber Praises National Privacy Bill Introduced by Rep. DelBene

Today, the U.S. Chamber of Commerce applauded the introduction of the Information Transparency & Personal Data Control Act. This legislation, introduced by U.S. Representative Suzan DelBene (D-WA-01), would ensure that consumers are afforded meaningful transparency that enables them to direct how personal information is used, collected, and shared.

CommentMar 10, 2021 - 9:30am

U.S. Chamber Comments to the ULC on the Collection and Use of Personally Identifiable Data Act

Harvey Perlman, Chair
Jane Bambauer, Reporter
Collection and Use of Personally Identifiable Data
Uniform Law Commission
111 N. Wabash Ave
Suite 1010
Chicago, IL 60602

Dear Chairman Perlman and Reporter Bambauer:

Letters to CongressMar 10, 2021 - 9:30am

U.S. Chamber Letter of Support for the Information Transparency & Personal Data Control Act

The U.S. Chamber of Commerce applauds Representative Suzan DelBene's leadership in introducing the Information Transparency & Personal Data Control Act, and we support this important bill.