Privacy

Data privacy policy determines what personal information companies and governments can collect about Americans, how it can be used, who it can be shared with, and what rights people have to access, correct, or delete it. The U.S. lacks a comprehensive federal privacy law — unlike the European Union's GDPR, which since 2018 has given Europeans rights over their personal data and imposed large fines on companies that violate those rights. American privacy protections are instead a patchwork of sector-specific laws: HIPAA protects health data, FERPA protects student records, and the Children's Online Privacy Protection Act covers data collected from children under 13. Several states — California, Virginia, Colorado, and others — have enacted their own comprehensive privacy laws, creating a complex compliance landscape for businesses. Data brokers collect and sell detailed profiles of Americans' locations, purchases, relationships, and behaviors with minimal oversight. Government surveillance programs revealed by Edward Snowden in 2013 showed that intelligence agencies were collecting data on Americans at a massive scale. Biometric data — fingerprints, facial recognition, voice recognition — creates unique privacy risks because unlike passwords, biometrics cannot be changed after a breach.