By Daniel J. Solove
The US regulates privacy with a sectoral approach, with laws that are directed only to specific industries. In contrast, the EU and many other countries have an omnibus approach — one overarching law that regulates privacy consistently across all industries. The US is an outlier from the way most countries regulate privacy.
About 15 years ago, the sectoral approach was hailed by many US organizations as vastly preferable to an omnibus approach. Each industry wanted to be regulated differently, in a more nuanced way focused on its particular needs. Industries could lobby and exert their influence much more on laws focused on their industry. Additionally, some organizations liked the sectoral approach because they fell into one of the big gaps in regulation.
But today, ironically, the sectoral approach is not doing many organizations any favors. There are still gaps in protection under the US approach, but these have narrowed. In fact, many organizations do not fall into gaps in protection — they are regulated by many overlapping laws. The result is a ton of complexity, inconsistency, and uncertainty in the law.