According to a report by Reuters, a new US federal privacy law is unlikely to make it through Congress in 2019. Earlier this year most industry participants expected a new federal law to be complete by year end. Law makers have been unable to forge a consensus on key issues including whether federal laws should pre-empt existing state laws such as California’s Consumer Privacy Act (“CCPA”). Other thorny issues include data portability and penalties for non-compliance.
The lack of a new federal law means that companies operating in the US will need to focus first on complying with California’s CCPA law by January 1, 2020 its effective date. California is the largest state in the US by population and is also home to many of the leading tech and payment companies including Google, Facebook, Apple and Visa. Companies collecting data, including transaction data used for card-linking programs, will need to carefully review the CCPA and ensure they are in a position to comply.