•  
  •  
 

SMU Law Review

Abstract

Data privacy and data security have become key issues for legislators, regulators, and individual citizens. Roughly two-thirds of Americans believe their data is being regularly tracked, monitored, and collected by companies and the government. A majority of U.S. adults also believe their data is less secure today than five years ago, expressing concerns that they have little control over how their personal information is being used and that the entities who control their data are not responsible stewards. In the absence of comprehensive federal regulation, a continuous stream of privacy statutes have been proposed at the state level. Beginning with California in 2018, a handful of states enacted major comprehensive data privacy legislation. The number of states adopting consumer privacy laws has more than doubled in 2023 alone, and 2024 is on pace to exceed the prior year’s adoption rate.

Data privacy legislation obligates businesses operating in those states to comply with additional regulations regarding the collection, use, and disclosure of personal information and provides “consumers” with new rights over their personal data. Broad in scope, these state privacy statutes apply to not only traditional consumers, but also shareholders and—in some states—employees, officers, and directors of a corporation. This article discusses the growing tensions between compliance with privacy statutes and corporate disclosure activities. In light of impending conflicts between these two areas of the law, this article proposes legislative and judicial paths for navigating and reconciling the competing legal obligations. As more and more states, as well as the federal government, are contemplating adopting consumer privacy statutes, consideration of the interplay and impact of privacy statutes on corporate actions is crucial.

Included in

Law Commons

Share

COinS
 

Digital Object Identifier (DOI)

https://doi.org/10.25172/smulr.77.2.9