It has been nearly 25 years since the Federal Trade Commission recommended Congress pass a national online data privacy law. Since then, 20 states have adopted varying online data privacy rules, and bills have been introduced in another 16 states. Apps, by their very nature, function across state lines and attract customers globally. Moreover, data is critically important in apps’ development, testing, marketing, and growth.
It has never been more important for Congress to pass a single national data privacy law. With more and more states passing their own privacy bills, each with its own unique requirements and compliance guidelines, the United States’ privacy landscape is expensive and nearly impossible to comply with. Many states have overly strict regulations that limit developers’ data use and collection, making it extremely difficult to run and grow an app business.
If the US wants the app economy to continue thriving, policymakers must find common ground that protects consumers’ digital privacy and data without inhibiting innovation, overregulating data collection and use, or creating new legal risks for app developers.
The current privacy landscape is a costly compliance nightmare.
The existing privacy framework in the United States is untenable for developers. As of March 2025, 20 states have adopted varying online data privacy rules and bills have been introduced in another 16 states.
Apps, by their very nature, function across state lines and attract customers globally. The specter of 50 different privacy laws, with different requirements, carve-outs, and definitions, represents a compliance nightmare for developers. The costs alone of complying with 50 different privacy laws will crush innovation.
Developers need a single, national data privacy law that preempts all state laws and unifies compliance.
Radical privacy laws are detrimental to developer success.
Data is a foundational aspect of the app ecosystem. Apps often collect anonymous, nonsensitive data from platforms like Apple’s App Store and Google Play. Developers benefit significantly from this data, as it powers digital advertising, provides valuable insights and reports, and helps inform business decisions. For example, Google Analytics and the Play Console collect and process customer data to help Bickster, a fitness app based in Dunedin, FL, better understand its customers and provide an enjoyable app experience.
Unfortunately, some states are taking more radical approaches to data privacy laws that threaten the app ecosystem.
Take Maryland, for example. Maryland’s law, which takes effect October 1, 2025, severely limits app platforms’ ability to collect data beyond a user’s device type, operating system version, and possibly their language. Without this data, advertising, analytics, and other services would be impossible or prohibitively expensive to offer to app developers.
Some state laws even have private right-of-action provisions, opening the door to frivolous lawsuits that cost developers high legal fees and settlements they can’t afford. This is no way to create a thriving app ecosystem.
“Carve-outs” are well-intentioned but fail to protect small developers.
It’s important to note that some state privacy laws try to protect small businesses with “carve-out” provisions, exempting businesses with fewer than, e.g., 100,000 users from compliance. Unfortunately, lawmakers fail to understand that even the smallest businesses often collect more data than these arbitrary thresholds allow, so the laws force thousands of apps to comply even though they may not be the intended target. Moreover, small apps that do fall below the threshold rely heavily on digital partners like Google and Apple for much of their data collection and processing needs. In this sense, carve-outs will not spare smaller businesses from the repercussions of a poorly constructed privacy law.
Limit litigation risk for smaller developers.
The enforcement of privacy laws should remain with the state and federal governments. Too often, new laws include private rights of action that empower overzealous trial lawyers to serially file suits against small businesses for non-material violations or violations that caused no harm. The precedents for frivolous lawsuits from private rights of action in the Americans with Disabilities Act and serial patent litigators, which are deeply familiar to app developers, have cost developers millions of dollars in legal fees and settlements.
Developers need a balanced federal privacy law.
Developers need a national data privacy law that balances consumer protection with data’s critically important role in the app and broader digital ecosystem. Radical data minimization provisions will hurt small developers, as will private rights of action that invite frivolous lawsuits against small businesses.