Over the last decade there has been a reckoning over how digital companies collect personal data, what they do with it, and whether or not they’re capable of protecting it. Online data collection is still not regulated at the federal level in the U.S. But states are slowly embracing policies to ensure that digital companies protect their users—or at least introduce more transparency. Illinois led the way in 2008 with the Biometric Information Privacy Act, a law that lets Illinois residents sue companies that collect their biometric data (face scans, fingerprints, etc.) without their consent. After Europe passed the General Data Protection Regulation in 2016, which entitles people to obtain any data collected on them and have their records deleted, California decided to use it as a framework for its own law. Two years later it introduced its version of the GDPR, called the California Consumer Privacy Act . California has since passed an amendment , called the California Privacy Rights Act, that clarifies the original law and adds a governing body called the California Privacy Protection Agency that can bring action against violators.
Here is the original:
These states are on track to pass data privacy laws this year