Draft
Resolution for a Single Federal Standard for Consumer Privacy
WHEREAS, the Internet knows no borders, and is therefore an inherently cross-jurisdictional entity;
WHEREAS, consumer data privacy is fundamentally a matter of personal discretion for which there are distinct and wide-ranging preferences;
WHEREAS, state-based comprehensive consumer data privacy standards run the risk of disrupting the free-flow of interstate commerce by creating a diversity of ever evolving, and potentially inconsistent, compliance obligations;
WHEREAS, inconsistent state approaches to consumer data privacy regulation will harm businesses, especially small business seeking to do business in multiple states;
WHEREAS, regulatory balkanization insulates incumbent industry actors and directly harms the development of novel business models and competition;
WHEREAS, the enactment of comprehensive privacy regulation unduly burdens interstate commerce and is, therefore, likely in violation of Article I of the U.S. Constitution;
WHEREAS, a harms-based approach to the protection of consumer data privacy grounded in concrete and readily demonstrable injury affords predictability, consistency and security to consumers and firms alike;
WHEREAS, states already have broad consumer protection authority to punish deceptive trade practices as inherently harmful, without having to prove independent harm, thus holding firms accountable for violations of their terms of services and other material representations to users, as well as omissions of material information;
WHEREAS, state attorneys general are well-positioned to identify and address actual harms to consumer privacy;
WHEREAS, the states remain well-suited to enforce sector-specific privacy laws targeted to specific harms in traditional areas of oversight, like law enforcement and insurance;
NOW THEREFORE BE IT RESOLVED, that (insert state here) opposes the enactment of laws, promulgation of regulations, or imposition of out-of-state standards thereupon, that would restrict or otherwise dictate, absent a clear nexus with consumer harm, standards related to consumer data privacy;
BE IT RESOLVED, that a single federal standard for comprehensive consumer data privacy regulation is preferable to a state-by-state approach.