Until very recently, it was difficult to be an optimist about privacy in the U.S. Privacy laws in the U.S. have been notoriously ineffective. U.S. companies engage in rampant data profiling, from established giants like Google, to shadowy data brokers like Axciom, to headline-grabbing startups like Clearview AI. Edward Snowden's 2013 revelations about the scope of U.S. national security surveillance showed the extensive cooperation, and sometimes even active involvement, of private companies. In 2015, and again in 2020, the top European Union court invalidated the framework that allowed U.S. companies to export E.U. persons' data to the U.S., reasoning that U.S. privacy protections are too weak.
But both privacy talk and privacy law in the U.S. have shifted sharply toward increased protection. U.S. companies now often must comply with both European and California regulations. State after state has enacted new privacy laws, and Congress has been making the most serious attempts at enacting a national privacy law in decades. Former U.S. Presidential candidate Andrew Yang even made data privacy a centerpiece of his campaign.