By using website you agree to our use of cookies as described in our cookie policy. Learn More


Privacy Laws in U.S. On Same Level as Developing Countries, Data Shows

Only four out of the 50 U.S. states have enacted consumer data protection laws.

Note: TDWI’s editors carefully choose press releases related to the data and analytics industry. We have edited and/or condensed this release to highlight key information but make no claims as to its accuracy.

According to the data presented by the Atlas VPN team, only four out of the 50 U.S. states have enacted consumer data protection laws. Furthermore, the United States is falling behind developing countries in establishing privacy laws that would protect its citizens.

The data is based on the U.S. State Legislation Tracker and Global Privacy Directory of the International Association of Privacy Professionals (IAPP). The research analyzes figures updated on April 28, 2022.

The General Data Protection Regulation (GDPR) implemented by the European Union (EU) in 2018 was a groundbreaking change for consumer data protection. GDPR set the standard for privacy regulations worldwide. Companies based in the U.S. were required to comply with GDPR because they serve millions of EU citizens. Facebook, Google, Apple, and other tech giants had to revise their privacy policies and create tools for customers to give them more control over their data.

The substantial increase in internet adoption across the globe has prompted several countries to enact data protection laws. Establishing privacy acts of countries in Africa, South America, and Asia has helped them align with the best global practices on data protection and privacy.

Why and how have American consumer data protection laws fallen behind the rest of the developed world to land in the same category as countries such as Iraq or Ethiopia?

One of the reasons is that there is no agency in the U.S. to enact privacy laws. In addition, big tech giants in the U.S. have been opposing data protection regulations for years.

 “Congress could establish a consumer data protection legislation that proactively reacts to the digital age challenges to create a broader vision of human well-being,” says cybersecurity writer at Atlas VPN, Vilius Kardelis. “The U.S. cannot wait forever and will need to implement privacy laws sooner or later. The regulations they choose will have global consequences for data privacy.”

Privacy Laws in the U.S.

California, Utah, Colorado, and Virginia are the only states to have enacted consumer data protection laws. However, California is the only state with an effective Consumer Privacy Act. Data protection laws in the other states won’t be set to take effect until 2023.

Alaska, Louisiana, Massachusetts, Michigan, New Jersey, New York, North Carolina, Ohio, Pennsylvania, Rhode Island, and Vermont all have data protection bills moving through committees in their chambers of origin.

In all other states, however, consumer privacy bills are inactive or no comprehensive bills were ever introduced. The internet has been around for a quarter-century, yet the United States has yet to implement legislation forcing its businesses to comply with meaningful data-privacy regulations.

More information about Atlas VPN is available at

TDWI Membership

Get immediate access to training discounts, video library, research, and more.

Find the right level of Membership for you.