While not going so far as to recommend specific legislation, the Government Accounting Office, in a Report to the House Energy and Commerce Committee, pointed out that “The United States does not have a comprehensive Internet privacy law governing the collection, use, and sale or other disclosure of consumers’personal information.” The report points to Europe’s General Privacy Data Regulation and California’s recently enacted privacy laws as examples.
To address such privacy concerns, in May 2018, the European Union implemented the General Data Protection Regulation, a set of Internet privacy rules that give consumers control over the collection, use, and sharing of their personal information. In addition, California passed its own Internet privacy law in June 2018 that becomes effective in 2020. The United States does not have a similar comprehensive data privacy law at the federal level and instead relies in part on an industry-specific (sectoral) privacy approach.