Brooklyn Journal of International Law


Scott Resnick

First Page



Data privacy has become one of the premier hot-button issues in today’s increasingly digital human experience. Legislatures around the globe have attempted to act swiftly in an effort to safeguard the highly coveted personal information of their citizens and combat misuse at the hands of international businesses operating with an online presence. Since the European Union’s enactment of the General Data Protection Regulation (GDPR) in 2018, countries around the globe have been grappling with how best to replicate the EU’s leading data privacy regulation while providing the same or greater level of transparency into data collection practices. While a mere handful of countries have legislated a singular federal data privacy regulation, the United States – the birthplace of the “dot com bubble” – has largely lagged behind in its’ response. With California’s enactment of the California Consumer Privacy Act (CCPA) in 2020, combined with the absence of federal regulation on the horizon, the United States has signaled that the country’s approach to data privacy regulation will be centered on a state-by-state strategy. It has become apparent that the burdens on international businesses operating with an online presence will be proliferated through this approach when taking into account the various country-wide frameworks being implemented in other parts of the globe. This note offers a view of those arduous burdens through the lens of businesses who have already revamped their processes for the handling of consumer data in response to the GDPR and must now integrate a new approach in light of the CCPA. In doing so, the dissimilarities between the two regulations will be highlighted and analyzed, as well as the regulatory impacts that the two premier regulations have on the larger digital marketing ecosystem as a whole. Ultimately, this note argues that when taking into account the imminent passage of new regulations both within the United States as well as around the globe, the most comprehensive solution proves to be the development of a uniform international framework – the International Data Privacy Agreement (IDPA).