Published
January 28, 2026
This week marks the eighth Data Privacy Week since California became the first state to adopt comprehensive privacy legislation. The growing patchwork of state laws and litigation underscores the urgent need for federal privacy legislation. Small businesses, in particular, have expressed record concerns about the challenges posed by inconsistent state regulations.
To date, 20 states have enacted comprehensive privacy laws, with most adopting the Consensus Privacy Approach pioneered in Virginia. However, outlier states like California and Maryland have introduced stricter measures that impose significant compliance costs. California’s recent rules are expected to cost over $4 billion, burdening small businesses with annual expenses exceeding $10,000. Maryland’s Online Privacy Act enforces strict data minimization requirements that could hinder fraud prevention, public health efforts, and AI accuracy.
While the Chamber supports the Consensus Privacy Approach, activists and litigators are working to undermine these balanced laws. For instance, Colorado attempted to alter its privacy law through unrelated legislation to impose strict data minimization prohibitions like those in Maryland, and activists have sought to bypass private rights of action restrictions by embedding broad health privacy requirements into consumer protection laws.
Lawsuit abuse is also on the rise, with over 3,000 cases filed under state wiretapping statutes since 2022. Plaintiffs have used laws like the California Invasion of Privacy Act to equate routine online data collection with eavesdropping, creating significant risks for businesses, especially small ones, that rely on websites to operate.
Efforts to protect children’s data online are gaining momentum. The House Commerce, Manufacturing, and Trade Subcommittee recently advanced bills addressing app store responsibility, updating the Children’s Privacy Protection Act, and introducing the Kids Online Safety Act. The Chamber recently commended these bills for establishing a strong national standard but urges Congress to protect in law and practice things like the actual knowledge standard that focus regulation on child-directed content.
The House Privacy Working Group, led by Chairman Brett Guthrie and Vice Chair John Joyce, is working on a national privacy law that could resolve many of these issues. The Chamber stands ready to collaborate with Congress to establish a federal privacy framework based on the Consensus Privacy Approach. Such legislation would protect all Americans, provide clarity for businesses, and eliminate the costly and confusing state-by-state patchwork. It’s time for Congress to act.
About the author
Jordan Crenshaw
Crenshaw is Senior Vice President of the Chamber Technology Engagement Center (C_TEC).
