Zaid Dababneh
Associate Editor
Loyola University Chicago School of Law, J.D. 2025
The United States House of Representatives just passed a measure that looks to ban the use of TikTok in America. The question of “why?” arises, and to that, the U.S. has continually claimed that they are aiming to protect the information of TikTok’s American users from the Chinese government. TikTok, has always contended that there is no sharing of sensitive data with the Chinese government, but the U.S. understands that Chinese regulators have a history powering over domestic tech firms, according to AlJazeera.
Since the House has passed this measure, the Senate must now vote for this ban to go through. The U.S. has shown a willingness to allow TikTok in the states, though subject to sale to a Western company. Former Treasury Secretary Steven Mnuchin is gathering the funds to purchase TikTok now, according to CNN Business.
But all this news begs one question: does the United States really care about the data privacy of their citizens? Meta, for example, is notorious for having some of the most unfair practices regarding data collection and distribution, and the European Union imposed the largest ever privacy fine of $1.3 Billion on them as a repercussion. Why won’t the U.S. implement a federal data privacy law in their own jurisdiction? Why does the U.S. continue to allow the citizens of states who have not passed their own laws to be subject to the danger?
Newly enacted U.S. state specific data privacy regulation:
Thirteen U.S. states have enacted Data Privacy laws, and this is no surprise. With a surplus in the number of privacy collections, hacking, and an advertisement-heavy marketplace, it was inevitable that we’d finally start to see some protective measures being implemented. Indiana’s law, the Indiana Consumer Data Protection Act (ICDPA), closely resembled the Virginia law (VCDPA). While the law comes into effect in 2026, it’s important to note that the goal of this legislation is to provide consumers with control over their data and its use and provides harsh penalties for those who are in violation of such standards.
There have been many calls for the United States’ Federal Government to step in and make federal law take precedent going forward – this, however, has not happened and is likely to not happen soon.
There has been no shortage of talks that discuss the inadequacies of the United States’ handling of Data Privacy, but there was always hope among privacy professionals that states would implement laws that were similar to the California Consumer Privacy Act. Their wishes started to come true in recent times, and states all over the country are beginning to roll out their own laws, and most have been similar to that of California, which has been known to be consumer-friendly. This trend is a huge step in the right direction, and consumers should feel a sense of relief if their state is among the thirteen who have made these strides.
The shortcomings of US data privacy regulation:
The United States has vested power in individual states to implement data privacy laws that aim to protect their citizens. However, not all states have passed these laws, and there is a massive need for the protection of all U.S. citizens. The federal government has shown an unwillingness to implement federal law, and people in most states are without proper protection.
The California Consumer Privacy Act (CCPA) is the most comprehensive data privacy state law in the country, and many states are looking to replicate the law, and its effectiveness. DLN mentions the CCPA’s benefit to consumers, who now get to opt out of the sale of their data, and the equaling out of the playing field between consumers and companies who collect data.
With that, it is important to note that as long as the federal government is unwilling to enact federal data privacy law, many people will be the victims of cybercrimes. The federal government has only decided to regulate things like credit data or personal health information (PHI) or protect specific demographics, like children.
Why the GDPR is considered better law:
The General Data Protection Regulation (GDPR) is the European wide data privacy law in place. The GDPR is the benchmark of what modern day privacy legislation ought to look like (though it also has its own shortcomings). Failure to comply with the GDPR will result in fines totaling 20 million pounds, or 4% of the company’s global annual revenue for the previous year.
Unlike the EU, the U.S., is viewed to be very corporation friendly, with minimal fines, less regulation, and paying little attention to the protection of consumer data. So why does this matter? To answer that question, it is crucial for consumers to know that their data is worth money and resources. Data is used to tailor customer experiences, streamline marketing strategies, and used to create a cashflow when sent off to other companies. For the consumer, it is important to have the freedom to disallow the collection and use of your data.
How to best protect your data:
The GDPR, along with some state laws in the U.S., require that websites provide a cookie notice. This notice will tell you how your data is being collected and used. Furthermore, using a VPN could be a great way to channel information to a server, rather than your personal device and person. Additionally, one should consider their use of free applications and why they are “free”. There’s the notion that nothing is free, and when you’re using a free application, your data is the tradeoff for their service. With your information comes your viewership of advertisements on their platform and the collection of your data. This information translates to money for the company. Regarding the use of TikTok, avoid engaging in the ‘TikTok Shop’ if there is fear about the collection of your data. For now, it seems unlikely that a “U.S., GDPR” is on the horizon, and the consumers of this country shouldn’t be happy. Nevertheless, until your particular state is safeguarding your data with the implementation of something similar to the CCPA, it is best to continue exhibiting safe and cautious behaviors.