News

The Verge: America desperately needs new privacy laws

February 22, 2026

State-level and international regulations have addressed some privacy risks. Companies in Europe have been governed by the General Data Protection Regulation (GDPR) since 2018, though a rollback was proposed late last year. Several states have passed some form of general privacy framework, as well as more specific rules — Illinois’ biometric privacy law has facilitated lawsuits against Meta and others, for instance, and New York mandated algorithmic pricing disclosure a few months ago. However, privacy advocates warn many of the rules are inadequate. The Electronic Privacy Information Center (EPIC) and US PIRG Education Fund graded state consumer privacy bills in 2025, and only two states, California and Maryland, earned higher than a C.

EPIC deputy director Caitriona Fitzgerald tells The Verge that Congress has passed at least one meaningful reform lately: the 2024 Protecting Americans’ Data from Foreign Adversaries Act, which Fitzgerald calls “the strongest privacy law to be passed at the federal level in recent years.” PADFAA bars data brokers from letting hostile nations access sensitive personal information of Americans, and EPIC used it to file a complaint against Google’s real-time bidding ads system — which it alleges broadcast sensitive data indiscriminately.

Read more here.

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.

Donate