Brooklyn Journal of Corporate, Financial & Commercial Law


Marissa Wong

First Page



With the ongoing expansion of internet services and increase in cyberattacks, Congress has long recognized the need for comprehensive federal privacy legislation, but no federal legislation has been passed. Currently, the scatter-shot of sector and state-specific privacy laws have proven to be ineffective. The authority of the Federal Trade Commission (FTC) has also been weak. The unexpected occurrence of the COVID-19 pandemic further exposed the dire need for comprehensive federal privacy legislation. Data-collection methods such as facial recognition, immunity passports, and contact tracing leave users’ health and location data vulnerable in the hands of the government and private companies. Technologies such as Zoom have also revealed privacy concerns. Amongst the many state-based privacy laws, the California Consumer Privacy Act (CCPA) is the most comprehensive state law to date. It governs every company that does business with a California company, has California resident customers, or collects any personal data of a California resident. However, this Note will suggest that the CCPA and other state and sector-based regulations still leave loopholes. While there are comprehensive federal privacy bills being proposed, none have been passed due to the inability of the political parties to agree on the issues of preemption and private right of action. This Note will suggest a new approach to federal privacy regulation – a revised private right of action component, a sunset provision for preemption, and a minimization of disparate impact and increased scope of governance in COVID-19-responsive legislation.