Building a Digital Future: Is America Ready for a Federal Digital Bill of Rights?

By: Evan Lees

In 2014, the Supreme Court issued a landmark ruling in Riley v. California, mandating that law enforcement obtain a warrant before searching digital information and underscoring the critical need for privacy protections in the digital age.[1]

With the rise of data breaches, expansion of Big Tech companies, and continued advancement of technology designed to steal online information, Americans are now desperate for a modern legal framework to protect their rights online. A study conducted by Ipsos found that “over 80% of Americans were concerned with the safety and privacy of their online data. Another study found that over 70% of Americans support establishing national standards for how companies collect personal data and support treating data privacy for individuals as a national security threat.”[2]

A nationwide digital bill of rights could be the solution.

In the wake of Governor Ron DeSantis signing Florida’s Digital Bill of Rights (“FDBR”) into law, the call for federal legislation aimed at protecting freedom of speech, privacy, and regulation of big technology companies in the digital realm has become louder than ever.[3] Likewise, in November 2024, then-President-Elect Donald Trump made an appearance on Robert F. Kennedy Jr.’s YouTube channel, promising his commitment to passing a federal digital bill of rights, which would provide Americans with the right to digital due process.[4] Before our country is ready to adopt such a revolutionary document, however, assessing what a potential digital bill of rights would look like, as well as determining whether it is realistic in the foreseeable future, is necessary.

The first question is which rights would be granted in a federal digital bill of rights. Some suggest that a digital bill of rights must start by giving consumers and the government reasonable levels of control and oversight over tech companies.[5] Florida’s version would likely be the most feasible example for a comparison. The FDBR focuses on four main rights: the right to freedom from unfair censorship, the right to control personal data, the right to know how internet search engines manipulate search results, and the right to protect people from online harms.[6] “The FDBR imposes obligations on ‘controllers’ (for-profit legal entities that conduct business within the state of Florida, collect personal data from consumers, and determine the purposes or means of the processing of personal data) who have an annual global revenue of more than $1 billion” and meet a few other criteria.[7] These obligations include limitations on personal data collecting, higher security measures, annual privacy notices, and mandated consent when processing a user’s personal data.[8] Data collection is further restricted for children under the FDBR to protect them in online spaces such as social media platforms.[9]

Other than restrictions on controllers, the FDBR also vests Florida consumers with certain access and control regarding their own online data, including the right to delete, change inaccuracies, and opt out of collection of their data by controllers.[10] As for freedom of speech, the statute includes a provision that prohibits government employees and entities from directly contacting a social media platform to request the removal of content or accounts, promoting freedom of speech online.[11] Because the FDBR is new, it is likely too early to determine whether or not it has been a success. However, if it operates as intended, Florida residents will have more protection over their privacy and freedom of speech online than ever before, protections that a federal bill could provide to all Americans.

But could the FDBR be effectively replicated as a federal statute? More importantly, should it? The topic of adopting a federal digital bill of rights has been a controversial one for over a decade. A 2012 Forbes article argued that the protections sought after through a right to digital due process are already provided by our Constitution and that “policymakers should instead just recommit themselves to a promise made a generation ago to keep their ‘Hands off the Net.’”[12] Now, well over ten years later, advising policymakers to stay away from the digital privacy issue may no longer be a viable option.

Nevertheless, there are some concerns with the FDBR that would likely pose significant challenges to the adoption of a federal version. These include the scope through which the FDBR’s restrictive definition of “controller” would be applied federally, the potential to stifle innovation, and unclear enforcement methods. For example, the FDBR’s definition of a “controller” only applies to entities with an annual revenue over one billion dollars, making it irrelevant for most businesses.[13] This raises valid questions about whether such a threshold will be effective enough to protect consumers:

Rather than determining applicability by revenue, most state data privacy statutes determine applicability by the number of users’ data a company processes in a calendar year. In short, the FDBR’s applicability provision prioritizes curtailing consumer data collection from large technology companies at the expense of making the statute inapplicable to smaller corporations.[14]

 

Some critics would argue that strict regulation of any of these companies will stifle innovation and make it difficult for controller-defined businesses to improve their services, costing the United States its position in the international tech market.[15] Data collection is an important tool essential to driving technological and global competition. Compliance complications could lead to businesses’ complete refusal to use data insights: “While this will certainly ensure the company does not run into data privacy non-compliance issues, it can also stifle future innovation and efficiency. For companies of any size, data insights can drive success.”[16]

Perhaps the main concern with a federal digital bill of rights is the issue of enforceability. The brief ban on TikTok sparked significant debate over the scope of government authority in the digital space.[17] Legislators may be reluctant to support a digital bill of rights that gives the government extensive regulation over online businesses due to fears that such regulation would be viewed as over-intrusive. Moreover, how can the government guarantee enforcement of these digital rights on a scale never seen before at the federal level? Even enforcement of online privacy law at the state level has had its struggles. For instance, recent Utah legislation created a parental consent requirement for minors to open social media accounts to protect children’s privacy rights, but it did not make clear how government agencies would practically enforce those rights.[18] As such, federal legislators would need to be cautious when considering enforcement mechanisms for a digital bill of rights.

Additionally, states and the federal government are already taking incremental steps toward protection in the digital age without a federal digital bill of rights. A wave of new requirements through federal laws like the Children’s Online Privacy Protection Rule, or state laws like California’s Consumer Privacy Act (“CCPA”), and Virginia’s (“VCDPA”)[19] are recent innovations, [20] and more legislation is likely to follow. These state-level initiatives create a patchwork of digital privacy laws, complicating efforts to establish a national, uniform standard for digital rights protection. This jurisdictional complexity is further amplified by the decentralized nature of cyberspace on the international stage: “In the digital age, the infrastructure of such networks is becoming more global and more dependent on shared resources and joint solutions,” according to one commentator.[21] Essentially, the borderless nature of the internet could complicate the enforcement of uniform federal digital rights.

Regardless of the current obstacles in the way of implementing a federal digital bill of rights in the United States, it is worth monitoring the performance and feedback of the FDBR, as states can often serve as laboratories for future federal legislation. Whatever the future of digital privacy rights in America holds, the key will be finding an approach that balances creative policymaking and a dedication to safeguarding both personal privacy and technological progress.

 

Photo Link: https://savvycyberkids.org/2018/10/28/who-makes-the-rules-your-digital-bill-of-rights/

[1] See Riley v. California, 573 U.S. 373 (2014).

[2] Daniel Self, Surveilling Big Tech: Navigating Censorship Concerns and Consumer Protections in Florida’s Digital Bill of Rights, 25 N.C. J.L. & Tech. 283, 286 (2023).

[3] Nancy Libin, et al., Florida Digital Bill of Rights Signed Into Law, Davis Wright Tremaine, LLP (June 8, 2023), https://www.dwt.com/blogs/privacy–security-law-blog/2023/06/florida-digital-bill-of-rights-data-privacy.

[4]  Robert F. Kennedy Jr., Trump: Free Speech, YouTube (Nov. 9, 2024), https://youtu.be/xJfUXVOoFBo?si=KLG_2ytVrgH77_iU.

[5] See Ramesh Srinivasan, Americans need a ‘digital bill of rights.’ Here’s why, The Guardian (Jan. 28, 2020), https://www.theguardian.com/commentisfree/2020/jan/28/americans-need-a-digital-bill-of-rights-heres-why.

[6] Dhruva Krishna, Are Digital Bills of Rights A Sound Solution to Conflict Among Tech Companies, Consumers, and Government?, FedSoc Blog (Apr. 18, 2023), https://fedsoc.org/commentary/fedsoc-blog/are-digital-bills-of-rights-a-sound-solution-to-conflict-among-tech-companies-consumers-and-government.

[7] F. Paul Pittman et al., Florida Enacts the Digital Bill of Rights, Joining the Growing Privacy Landscape, White & Case (Sept. 20, 2023), https://www.whitecase.com/insight-alert/florida-enacts-digital-bill-rights-joining-growing-privacy-landscape.

[8] Id.

[9] Id.

[10] Id.

[11] Pittman et al., supra note 7.

[12] Adam Thierer, We Don’t Need a Digital Bill of Rights, Forbes (June 15, 2012), https://www.forbes.com/sites/adamthierer/2012/06/15/we-dont-need-a-digital-bill-of-rights/.

[13] See Pittman et al., supra note 7.

[14] Self, supra note 2, at 286.

[15] See Susan Arbetter, Pros and cons to federal digital antitrust legislation, Spectrum News 1 (July 27, 2022), https://spectrumlocalnews.com/nys/central-ny/politics/2022/07/27/pros-and-cons-to-federal-digital-antitrust-legislation.

[16] Sydney Wolofsky, A Book Dedicated to Int’l. Env. Law: Note: What’s Your Privacy Worth On The Global Tech Market?: Weighing The Cost of Protecting Consumer Data Against The Risk That New Legislation May Stifle Competition And Innovation During This Global Tech. Revolution, 44 Fordham Int’l L. J. 1149, 1193–94 (2021).

[17] Ashley Gorski & Patrick Toomey, Banning TikTok is Unconstitutional. The Supreme Court Must Step In., ACLU (Jan. 15, 2025), https://www.aclu.org/news/national-security/banning-tiktok-is-unconstitutional-the-supreme-court-must-step-in.

[18] The Associated Press, Utah’s new social media law means children will need approval from parents, NPR (Mar. 24, 2023), https://www.npr.org/2023/03/24/1165764450/utahs-new-social-media-law-means-children-will-need-approval-from-parents.

[19] Virginia Consumer Data Protection Act (VCDPA), Bloomberg Law (2025), https://pro.bloomberglaw.com/insights/privacy/virginia-consumer-data-protection-act-vcdpa/#:~:text=The%20VCDPA%20gives%20consumers%20the,targeted%20advertising%20and%20sales%20purposes.

[20] Krishna, supra note 6.

[21] Yulia Razmetaeva et al., Jurisdictional Issues in The Digital Age, 10 Ius Humani L. J. 167, 170 (2021), https://www.researchgate.net/publication/351171307_Jurisdictional_Issues_in_the_Digital_Age.