One of the hallmarks of U.S. privacy regulations is the absence of a federal, comprehensive, data privacy law. Instead, consumer personal information is regulated by a hodgepodge of federal and state laws and regulations. Despite the complex web, the United States has historically maintained an opt-out framework, in that covered entities are not generally required to obtain consent before processing personal information.
This opt-out framework notably differs from other jurisdictions, such as the European Union or Brazil, that maintain federal data privacy laws that require controllers to have a legitimate basis to lawfully process personal data or otherwise obtain consent.
Although data privacy laws may not expressly require controllers to obtain consent in the United States, trends around increasing scrutiny and liability associated with consumer privacy have the potential to shift the industry to a de facto consent-based privacy framework.
Download the PDF below to read more!