Invasive government and corporate surveillance isn’t inevitable — but Congress needs to act. Published on Feb 22, 2026, 1:00 PM UTC, by Adi Robertson, a senior tech and policy editor focused on online platforms and free expression.
In 1973, before the digital age, the US Department of Health, Education, and Welfare released a report highlighting concerns about computers managing personal records, warning about the lack of legal protections for privacy. This concern led to the Privacy Act of 1974, which established initial rules for computerized records. Over the years, additional privacy regulations have been enacted in various sectors. However, the surge in digital surveillance by both governments and businesses has outpaced the legislative response.
Lawmakers have repeatedly attempted to enhance privacy protections, yet significant bills have stalled. Proposals to update the 1986 Electronic Communications Privacy Act faced pushback over fears of impeding law enforcement. Despite bipartisan efforts, no comprehensive federal law governs data collection and usage by private firms. Even targeted measures like the Fourth Amendment Is Not for Sale Act, limiting police use of data brokers, have failed to become law.
Emerging technologies such as augmented reality glasses and AI introduce new risks, facilitating surveillance and the mishandling of personal data. Government misuse of data analytics and facial recognition is apparent, and data breaches commonly expose personal information. Despite potential congressional action and initiatives like the Fourth Amendment Is Not for Sale Act, privacy issues remain largely unaddressed on a federal level.
Some state and international regulations have addressed privacy issues, such as the EU’s General Data Protection Regulation (GDPR). In the US, some states have implemented privacy laws, like Illinois’ powerful biometric privacy law and New York’s algorithmic pricing disclosure mandate. Nonetheless, critics argue these measures are insufficient.
The 2024 Protecting Americans’ Data from Foreign Adversaries Act is a recent federal effort to bolster privacy, preventing data brokers from sharing Americans’ sensitive information with hostile nations.
Yet overall, existing privacy measures are inadequate. Experts and advocacy groups recommend establishing an independent federal data protection agency and allowing individuals to sue for privacy violations. Proposals like the Data Justice Act aim to redefine the handling of personal data, emphasizing individual control.
Despite irreversible advances in technology, it’s crucial for legislators to earnestly address the privacy risks accompanying these innovations and champion robust protections.
Worldwide, privacy practices are regressing, influenced by policies like online age verification. In the US, the Supreme Court has approved age checks for adult content websites, and states have mandated age verification for apps, a move that may soon face judicial review. Competitive pressures exacerbate privacy violations by concentrating data in few companies, undermining regulation. Additionally, the Trump administration’s regulatory practices have hindered fair enforcement.
Calls to “ban facial recognition,” particularly in law enforcement, are growing, with efforts to restrict its use on private devices like smart glasses.