.svg)
In the Privacy Soapbox, we give privacy professionals, guest writers, and opinionated industry members the stage to share their unique points of view, stories, and insights about data privacy. Authors contribute to these articles in their personal capacity. The views expressed are their own and do not necessarily represent the views of Didomi.
Do you have something to share and want to take over the privacy soapbox? Get in touch at blog@didomi.io
As we approach 2025 and on the backend of the presidential election, conversations about a federal privacy law are once again gaining traction.
Privacy has become a critical issue for consumers and businesses alike, and many are asking whether the next administration will tackle the longstanding gaps in data protection.
While challenges persist, I think there are reasons to believe bipartisan efforts could lead to targeted progress, particularly in specific industries.
A history of bipartisan interest in the U.S.
As the VP of Product at Didomi, I have covered the impact of the American political divide on data privacy legislation in the past.
Still, federal privacy legislation has garnered significant bipartisan attention over the years. No later than earlier in 2024, the American Privacy Rights Act (APRA) made its way to Congress, showing some of the most promising odds of realization we’ve seen:
“This bipartisan, bicameral draft legislation is the best opportunity we’ve had in decades to establish a national data privacy and security standard that gives people the right to control their personal information."
- Chair Cathy McMorris Rodgers (R-WA), House Committee on Energy and Commerce, Chair Maria Cantwell (D-WA), Senate Committee on Commerce, Science and Transportation (source: Committee on Energy and Commerce)
Looking at recent developments, we can see that both parties have increasingly recognized the importance of safeguarding consumer data, particularly as technology continues to evolve. Proposals like the Kids Online Safety Act (KOSA) and the EARN IT Act demonstrate that bipartisan collaboration is possible, especially when addressing issues such as child safety and harmful content online.
These bills highlight the potential for focused, incremental legislation that tackles specific concerns without overhauling the entire regulatory framework. While comprehensive federal privacy laws have stalled so far, these bipartisan efforts offer a model for what could be achieved in 2025 and beyond.
Could sector-specific progress be the key?
Rather than pursuing an all-encompassing law, the most likely path forward may involve targeted regulations for particular industries or use cases. Examples could include:
- Technology and social media: Recent debates over children’s privacy and harmful online content suggest that more oversight could emerge in this space. Bipartisan bills addressing online safety provide a roadmap for how privacy protections might evolve in the tech sector.
- Healthcare: The digitalization of sensitive patient data presents opportunities to enhance existing laws like HIPAA or address gaps in how emerging technologies handle health data.
- Financial services: As financial transactions move into digital platforms, clarifying how consumer data is protected in new ecosystems (such as blockchain or digital wallets) could become a bipartisan priority.
- Retail and e-commerce: With AI-powered personalization and automated decision-making on the rise, regulations may target transparency and consent in how consumer data is collected and used.
We’re only scratching the surface, but we can observe a pattern, and I predict that sector-specific efforts will play a major role in shaping the future of privacy in the U.S., along with state regulators.
A continued state-driven momentum
States are another element that has driven tangible change to data privacy in the U.S. over the past few years.
Laws like California’s CCPA/CPRA, Colorado’s CPA, and Virginia’s CDPA have set new standards, influencing business practices nationwide. As more states pass similar laws, they create de facto national benchmarks that businesses must follow to remain compliant.
In 2025, eight new state data privacy laws will take effect, bringing the amount of Americans protected by state-level privacy regulations to around 150 million Americans (nearly half of the country) by the end of next year.
{{us-map-link}}
Looking ahead, certain states are poised to pass new privacy legislation that could further reshape the U.S. data protection landscape:
- New York: Recent legislation such as the SAFE for Kids Act, which regulates algorithmic content for minors, and the Child Data Protection Act, which restricts data collection and sale without explicit consent, shows New York’s focus on strengthening privacy protections.
- Vermont: A new privacy law allowing residents to sue companies for collecting or sharing sensitive data without consent positions Vermont as a leader in consumer data protection.
- New Jersey: Daniel’s Law, designed to protect the personal information of criminal justice officials, reflects the growing trend of privacy-focused measures at the state level.
As these states pave the way, businesses nationwide will face mounting pressure to adapt their practices, potentially creating a stronger case for federal action to simplify compliance.
My take on why bipartisanship matters and what comes next
Bipartisan proposals like those mentioned earlier reflect a shared recognition that protecting consumers is essential in the modern digital economy. These targeted efforts demonstrate that even in a divided political environment, common ground can be found on issues that impact everyone.
Future privacy initiatives may gain traction in Congress by focusing on specific, actionable goals such as protecting children, safeguarding sensitive data, or ensuring transparency in AI-driven decisions.
While the possibility of a comprehensive federal privacy law remains uncertain, targeted bipartisan efforts could pave the way for meaningful progress. Businesses and policymakers alike have an opportunity to shape the future of privacy by focusing on shared values: protecting consumers, enabling innovation, and fostering trust.
As privacy concerns continue to grow, the demand for action—whether at the federal or state level—is only becoming louder. The question is not whether change will come, but how it will be achieved.
.png){kind=tracking}
.png)
.png)