A national U.S. data privacy law would solve a trillion-dollar problem

While the infrastructure package recently passed by the Senate is a critical piece of legislation for the future of the U.S., it leaves out one important area: data.

As a significant challenge facing all businesses in the U.S., data is a modern kind of infrastructure that needs to be addressed with the same care and consideration as roads and bridges. It’s also a critical underpinning for many of the benefits of expanded broadband services, including equitable access to information and free internet, that lawmakers have already incorporated into the bill.

Strengthening America’s future requires a single set of national data privacy laws — either as standalone legislation or incorporated into the infrastructure bill headed to the House. Without federal action, the accelerated passage of a patchwork of state legislation will continue, which doesn’t just impact big companies but is a problem for legislators, business leaders, and citizens alike.

To put it in perspective, the cost of implementing the California Consumer Privacy Act (CCPA) is projected to reach $55 billion. Now consider the multiplier effect of dealing with numerous, conflicting policies across states. If just half pass their own laws, the cost could easily exceed a trillion-dollar impact — equal to the cost of the infrastructure package alone, and one-third the size of the Senate-approved $3.5 trillion budget blueprint for “human infrastructure.” With 15 different states currently enacting or proposing new data protection laws, this is not a little problem.

In today’s digital era, data and technology are foundational to our economy and future; they’re critical infrastructure. When used responsibly, they have the power to create transformational products, services, and benefits for everyone. But this requires a common understanding of how to participate.

America has grown largely because of innovations that deliver value for people globally. We are proud to have an innovation economy, fueled by entrepreneurs, data, and technology. For example, the internet has created massive economic benefits with over 10 million U.S. jobs relying on it, not to mention the access it has provided to information, much of it free, that was previously inaccessible to the masses. It’s not just economic, it’s democratic.

What should a national privacy law look like?

The great news is lawmakers don’t have to start from scratch. The U.S. already has numerous data protection laws on the books, such as CAN-SPAM, HIPAA, COPPA and Regulation B. Congress can build on this existing, strong foundation to create a single set of national privacy laws enabling everyone to enjoy the benefits of data-driven products and services, while also providing the necessary and enforceable protections.

This single set of data privacy laws must be:

• Fair & balanced: It needs to be clear why data is being collected, what it will be used for, and it shouldn’t be hidden behind pages of legalese. There must be a balance between people’s individual rights and the needs of businesses.


• Economical & enforceable: Marketing and advertising must be approved uses, as they largely fund a free and open internet. Data privacy laws need to prevent costly and frivolous lawsuits, so regulators can focus on protecting people from bad actors and cleaning up any industry that materially and negatively impacts people.


• Open & transparent: People should be able to ask all companies what data they have about them, be able to view, correct, or change it, and even have it deleted, given their identity can be verified.


• Safe & singular: Universal data definitions need to be agreed on, and data must be collected and stored securely. Federal privacy laws must preempt all other state, local, and even potentially conflicting federal laws.

Data is required to deliver innovative goods and services in today’s economy. Think again of the internet example: No one company or country controls it all. Data is the language of decisions and insights, and fair play means all businesses need equal access so they can master it and thrive. Data should not be about monopolistic control that only benefits the biggest companies or walls off access to decisions and insights.

The economic impact of doing nothing

The economic impacts highlighted due to a lack of a national data privacy law are just estimates. They do not even begin to calculate the impacts of missed economic opportunities that would result from forcing businesses to deprioritize innovation to focus on complex, multi-state compliance.

It’s imperative the U.S. views data for what it is — critical infrastructure — and moves to pass a set of national data privacy laws. It’s also incumbent on brands, industry experts, and all of us to push Congress for action. Not only to avoid the increasing costs of multiple state laws, but also to ensure America’s ability to compete globally and progress as a nation. This is the next critical, trillion-dollar decision the United States faces.

Chad Engelgau is the Chief Executive Officer of Acxiom. Previously, Chad served as Global Chief Data Strategist at Kinesso, the marketing intelligence unit of IPG, Acxiom’s parent company.