Regulating the Data Market: The Material Scope of American Consumer Data Privacy Law


This Article compares the material scope of several comprehensive consumer data privacy (or data protection) laws enacted recently in the United States, both with each other and with the European Union’s General Data Protection Regulation (“GDPR”). Our comparative analysis covers five broad state consumer data privacy laws enacted and in effect as of the end of 2023, specifically those adopted in California, Virginia, Colorado, Utah, and Connecticut. We contrast these against each other and the GDPR. We compare how each of these laws define and scope their subject matter (e.g., what constitutes “personal data”), how they define data subjects, what amounts to data processing, and which entities are obligated to respect the data subjects’ rights provided by these laws. We demonstrate how the existing state laws are more limited in most respects than the GDPR, and how their framing as consumer protection laws significantly limits their applicability and restricts their ability to adequately address the broad range of data privacy problems that confront contemporary society. Drawing on neorepublican political philosophy, we argue that most of these laws generally fail to adequately constrain commercial data markets in many contexts and that they also fail to address the problem of law enforcement agencies acquiring personal information from the commercial sector—ultimately raising concerns about domination and the potential for uncontrolled interference by both corporate and state interests in the private lives of the data subjects who ostensibly acquire rights. In the end, most of these “comprehensive” consumer data privacy laws at the state level in the United States do little to reign in corporate and state power to collect and use personal data in many contexts and represent a missed opportunity to provide much more significant protections for individual data privacy rights in the United States.

Regulating the Data Market: The Material Scope of American Consumer Data Privacy Law
University of Pennsylvania Journal of International Law
April 2024

Citable as

Newell, Bryce Clayton and Purtova, Nadezhda and Moon, Young Eun and Paterson III, Hugh J. (2024) Regulating the Data Market: The Material Scope of American Consumer Data Privacy Law. University of Pennsylvania Journal of International Law 45(4): 1055-1143. doi: Available at :

Subject Languages:
Mentioned Languages:
Content Mediums:
Bryce Clayton Newell
Bryce Clayton Newell
Privacy Scholar

I investigate questions within the contexts of privacy, policing, and immigration.

Young Eun Moon
Young Eun Moon
Postdoctoral Researcher in Journalism & Privacy

I am interested in how political and journalistic cultures shape the manner in which journalists in Western and non-Western countries interpret digital technology.

Hugh Paterson III
Hugh Paterson III
Collaborative Scholar

I specialize in bespoke research at the intersection of Linguistics, Law, Languages, and Technology; specifically utility and life-cycle management for information products in these spaces.