Other parts of the world have struggled with, and overcome, similar issues. The 2016 passage of the European Union’s General Data Protection Regulation was preceded by numerous individual laws governing data privacy in individual countries. As a 2019 report from the European Commission put it: “One key objective of [G.D.P.R.] was to do away with a fragmented landscape of 28 different national laws that existed … and to provide legal certainty for individuals and businesses throughout the E.U. That objective has been largely met.”

In the United States, 29 states have passed laws related to data privacy. The hastily passed California law, which goes into effect next year, applies to any company that both does business in California and collects information from any individual who lives in the state. Vermont has a narrowly focused law that only addresses data brokers. Maine doesn’t regulate data brokers but does regulate internet service providers. Illinois has a law on biometric data that most other states don’t.

The patchwork of state laws is only getting more convoluted. Fourteen states have considered legislation on internet service providers. Twenty-five states and Puerto Rico have considered legislation focused on various aspects of consumer data. All 50 states, the District of Columbia, Guam, Puerto Rico, the Virgin Islands and even some municipalities have their own laws about how to respond to data breaches.

All of those laws are subject to change. In 2019, states considered at least 21 measures to amend data breach laws. Over 150 pieces of legislation on consumer data have been considered, and five states passed bills mandating privacy studies to inform future legislation.

This complex and inconsistent regulatory environment risks the country ceding our position as a leader in technology. The patchwork benefits only lawyers and the multimillion-dollar data compliance industry, which helps wealthier, better resourced companies navigate the landscape of state data regulations for a fee. It is unfair to expect small business owners and entrepreneurs to become legal experts and navigate the complex data laws of their state and any other state in which they want to do business.

The best solution is a federal law that provides a consistent set of standards for both online and offline companies regardless of where their customers are. These standards would help provide Americans with the protections they deserve and businesses with the certainty they need. Congress needs to pass comprehensive, economywide legislation to ensure this happens.