A July 2021 survey from Data for Progress found that nearly three-quarters (72%) of likely US voters felt that existing privacy laws are insufficient. Consumer privacy groups have successfully advocated for several state privacy laws, including California’s Privacy Rights Act (CPRA), that in some cases go beyond even GDPR’s protections.

The fragmentation of US laws has led to a broad consensus that a federal law is important. But Republicans and Democrats disagree on key issues, including whether stronger state laws can preempt a federal law and to what extent private citizens can sue for damages.

A federal data privacy law in the US remains elusive, but some additional privacy regulations are likely. Even without a federal law, the Biden appointees on the Federal Trade Commission seem ready to use existing statutes to create new rules and enforce existing regulations more strictly.