NSBA Calls for a Unified Approach to State Data Privacy Laws
In recent years, data privacy has become a prominent concern for businesses, consumers, entrepreneurs, and policymakers. This heightened attention stems from the implementation of comprehensive data privacy laws in the European Union and the subsequent actions taken by various U.S. states.
After the European Union’s General Data Protection Regulation (GDPR) introduced substantial reforms, numerous states in the United States followed suit. With no clear set of data privacy directives on a federal level, various states have taken action by proposing, enacting, and enforcing their own comprehensive privacy laws. These laws can vary significantly and potentially create conflicts between different jurisdictions.
But as the National Small Business Association (NSBA) notes, “digital information flow doesn’t stop at state lines.”
Effect of disparate data privacy laws on small businesses
Businesses in the U.S. now confront a fragmented landscape of data privacy regulations. The task of navigating these diverse rules can be formidable for any business, but especially for small businesses and solo entrepreneurs.
As an example, Florida is currently considering Senate Bill 262, a bill that could potentially prohibit specific forms of targeted advertising. This will undoubtedly impact tech giants like Meta and Google. However, the true repercussions will be felt not only by users of these platforms but also by smaller online publishers that heavily rely on advertising revenue. Countless small businesses that depend on these advertising networks to connect with potential customers will be significantly affected.
Additionally, Big Tech has the financial resources to bear the burden of compliance costs and withstand any marginal loss in ad revenue that could result from the implementation of Senate Bill 262. In contrast, the bill presents a significant hurdle for small businesses, particularly those with limited financial resources to invest in costly software or engage public relations firms to efficiently manage and target potential customers.
Taking small businesses into consideration when creating data privacy laws
Policymakers should give careful attention to small- and medium-sized businesses as they develop privacy rules. These businesses face the challenge of operating within the same legal and regulatory framework as larger companies but often without the same level of resources. However, much of the ongoing conversation tends to center around the practices of large enterprises, overshadowing the unique needs and perspectives of small businesses.
Compared with larger companies that benefit from access to IT experts and major law firms, small businesses encounter various challenges in managing resources, including access to IT and legal support. As a result, they face a greater risk of unintentionally violating data privacy rules. Additionally, these regulations can impede existing business relationships and create obstacles in attracting new customers, posing additional difficulties for small businesses.
The need for a unified approach
According to a report by the nonprofit organization Engine, it costs individual businesses between $100,000 to $300,000 to set up the data privacy infrastructure needed to comply with the current patchwork of privacy laws. The report also reveals that it can cost between $15,000 and $60,000 for each additional state added to the patchwork.
In addition, the Engine survey reports that 90% of startups consider digital advertising to be an affordable avenue for growing their businesses. Meanwhile, 86% consider it essential for their growth and survival.
While data privacy should never be relegated to the back burner, poorly devised attempts to secure the flow of information online can inadvertently impede the capacity of small businesses to connect with customers and hinder their potential for growth.
What businesses and consumers need is a clear set of data privacy guidelines that target abusive practices but provide a reasonable level of flexibility. The NSBA continues to champion a unified federal approach and advocates against the current patchwork of regulations across the United States. A cohesive approach would ensure clarity, consistency, and effectiveness in supporting small businesses, enabling them to thrive in a more conducive regulatory environment.
20four7VA President and CEO Catherine vanVonno became a member of the NSBA Leadership Council in 2022.