If you have a smartphone, bank account, credit card, or Facebook profile – chances are you have all four – you’ve probably thought about the safety of your personal data.

Sometimes, lapses in cybersecurity are to blame for exposing our information. Hackers stole data on billions of Americans last year from companies like Marriott and T-Mobile. The year before, Equifax, one of the three major credit bureaus, announced that thieves had exploited a security flaw in its databases and snatched the names and social security numbers of more than 147 million people.

Other times, we share our personal information with companies online without fully understanding how they use it or to whom they sell it. One infamous example of this practice gone wrong is Facebook’s relationship with Cambridge Analytica, which sparked a furor when information about its involvement in the 2016 presidential election came to light.

After so many breaches of confidence, consumers are starting to pay attention. A survey by the U.S. Census Bureau shows that three quarters of internet-using American households had “significant concerns” about online privacy and security. And they aren’t hopeful about the future. A growing body of research suggests that Americans are simply resigned to giving up their data to companies, even though they find it troubling.

Now, lawmakers on both sides of the aisle are beginning to find common ground on data privacy. While there isn’t yet broad agreement on specific policies, politicians on both sides of the aisle are engaged in finding solutions.

The Current Landscape

The U.S. has no comprehensive federal law that regulates how our personal data is collected and used. Instead, we have laws governing specific kinds of data, like medical and financial information, or, thanks to the Children’s Online Privacy Protection Act of 1998, data belonging to children under the age of 13.

Generally, our data privacy laws are built on the model of informed consent, the idea that by checking a box or signing a form, we agree to let a third party use our data in certain ways. In the 1990s, our public policies aimed to use this model of informed consent as a way of ensuring that government overregulation did not hamper growth in the tech industry. Consumers could opt to share their data and use a particular service online, the reasoning went, or they could choose not to share it. The market would determine what level of privacy consumers demanded.

Many experts now argue that the reality has changed radically since then, and that this framework no longer makes sense. For every app we download, we have the choice of reading a long legal agreement and accepting the app maker’s terms of service, or simply not using the app. As businesses push more and more interaction online, from banking transactions to travel reservations, life becomes more difficult without them.

Further, we give up our data just by going about our daily activities. Your car’s license plate may be photographed by a city agency as you cross bridges and tunnels, for example, and many of us will soon need passes to drive on toll roads. In instance like these, it would be difficult, if not impossible, for an individual to opt out.

Last year, California enacted a major data privacy law, which many experts have said is the most stringent in the nation. While some heralded this as a significant step forward for consumer privacy, others began to worry that different states could write different laws, creating a confusing patchwork of regulations for consumers and tech companies alike.

Online Privacy is a Bipartisan Issue

Many politicians used to argue that government regulation of how companies handle data would stifle innovation. After several years of high-profile data privacy scandals, however, consensus is building that our laws need to catch up to our technology. Members of Congress have introduced at least 15 bills this year on data privacy.

For example, the DASHBOARD Act, introduced by Senators Mark Warner (D-VA) and Josh Hawley (R-MO), would require social media companies to disclose the value of their users’ data. The Social Media Privacy and Consumer Rights Act, written by Senators Amy Klobuchar (D-MN) and John Kennedy (R-LA), would “ensure that companies use plain language to explain to consumers how their data is being used, allow consumers to opt out of certain data tracking and collection, and require companies to notify consumers of privacy violations within 72 hours of a breach.”

In addition, a bipartisan working group in the Senate, led by Roger Wicker (R-MS), is slowly drawing up its own legislation. Marsha Blackburn (R-TN), who is co-chairing a tech task force with Dianne Feinstein (D-CA) in the Senate, says she intends to focus her energy on data privacy.

Congress has yet to pass any of these bills, so consumers can’t breathe easy quite yet. Still, lawmakers on both sides of the aisle generally agree that action to protect our data is critical. Their work across party lines is unfinished, but certainly encouraging.

Learn More

The Privacy Project: This months-long exploration of data privacy looks at every facet of our personal information today – via The New York Times

Consumer Privacy Bill of Rights: A former Obama official lays out his framework for data privacy – on the website of a conservative think tank – via Brookings

“The Worst Is Yet to Come”: A cybersecurity reporter chronicles the biggest data crises in 2019 so far – via Wired

As Goes California, So Goes the Nation? House Minority Leader Kevin McCarthy of California has come out in favor of national data privacy legislation. Here, he discusses how to balance that goal with innovation – via The Wall Street Journal