Legal Blog

US Data Privacy Developments

The European Union’s General Data Privacy Regulation (GDPR) went into effect on May 25, 2018 and represents the most sweeping data privacy regulatory framework enacted to date. While GDPR is geared toward protecting personal data from people and devices located in the European Economic Area, legislative developments continue in the United States that will enhance the responsibilities of US collectors of personal information in terms of how the data can be collected, stored, processed and used.

In April of 2018, the Customer Online Notification for the Stopping Edge-Provider Network Transgressions (CONSENT) Act (which has some important similarities to GDPR) was introduced in the Senate. An “edge-provider” is an “individual or entity that provides any content, application, or service over the Internet, and any individual or entity that provides a device used for accessing any content, application, or service over the Internet,”  according to rules proposed by the Federal Communications Commission.

The CONSENT Act includes the requirement that an edge-provider obtain consent from users to share or sell their personal information. The Act also imposes upon edge-providers the requirement of developing data security practices to better ensure the safeguarding of personal information they collect. Edge-providers must also notify users about how their personal information will be collected, used and shared by the provider, and notify users in the prescribed manner – in addition to that prescribed by state law in some states – in the event their data has been breached.

More recently, California enacted data privacy legislation that will go into effect January 1, 2020 that affords California residents many of the same protections the GDPR affords people in the EU. Under the California law, companies that collect personal information will be required to tell consumers whose data they have collected, what was collected, why, and the types of third parties with whom it has been shared. Collectors of data will also have to delete it or refrain from reselling it upon request of the person to whom the data belongs.

As California represents the fifth largest economy in the world, compliance with its laws is extremely important to a wide range of companies that will be subjected to its data privacy laws. As a practical matter, it’s going to be extremely difficult for companies to segment their data privacy and security policies based on the geographic location of customers from whom they collect personal information.

Companies who collect and process personal information as part of their business practices must continue to monitor these legislative developments, including modifications and improvements to regulations that are expected in California before its new data privacy law goes into effect, and must allocate human and financial resources to avoid penalties and loss of goodwill for noncompliance.


For more information on this topic, please contact Scott Lloyd at

ABOUT SCOTT LLOYD | 301.575.0357

Scott Lloyd is a registered patent attorney who specializes in intellectual property counseling and commercialization work. He has served as a technology commercialization specialist and advisor to companies in a diverse array of markets, including biotechnology, pharmaceuticals, medical devices, food and beverage, specialty chemicals, technology and engineering. In addition, Mr. Lloyd spent ten years as in-house general counsel to small and mid-sized companies, where he managed corporate matters and resolved commercial disputes in addition to intellectual property strategy, and now serves in the same capacity for entrepreneurial clients. He serves as counsel to and small and mid-sized business owners seeking to implement growth strategies and succession plans.

While in house, Mr. Lloyd has also contributed to the successful formation of international affiliates of domestic businesses as well as a $400,000,000 business acquisition.




Offit Kurman is one of the fastest-growing, full-service law firms in the Mid-Atlantic region. With over 170 attorneys offering a comprehensive range of services in virtually every legal category, the firm is well positioned to meet the needs of dynamic businesses and the people who own and operate them. Our eleven offices serve individual and corporate clients in the Virginia, Washington, DC, Maryland, Delaware, Pennsylvania, New Jersey, and New York City regions. At Offit Kurman, we are our clients’ most trusted legal advisors, professionals who help maximize and protect business value and personal wealth. In every interaction, we consistently maintain our clients’ confidence by remaining focused on furthering their objectives and achieving their goals in an efficient manner. Trust, knowledge, confidence—in a partner, that’s perfect.

You can connect with Offit Kurman via our Blog, Facebook, Twitter, Google+, YouTube, and LinkedIn pages. You can also sign up to receive Law Matters, Offit Kurman’s monthly newsletter covering a diverse selection of legal and corporate thought leadership content.