Washington State is working towards the passage of a new privacy law.
Industry likes it.
The ACLU doesn't.
Reading through the actual proposed bill is tedious, but it does have a lot of GDPR-like aspects to it. Unfortunately, it also has lots and lots of wiggle room for corporations who want to avoid provisions for correcting or deleting data they hold (including a wonderful mention of needing info for "legal defense" reasons, which I suspect can be used to invalidate just about any request in the good old United States of Litigiosity).
The rhetoric of new State privacy laws in the U.S.A. prevails every day. Soon we'll have 50! Will having Federal law be any better? I'd much rather be on the beach then track what misinformed congressional staff dream up as being relevant to protecting individual privacy rights and seeing law that enables big tech. Even my little legal beagle friend knows the common denominator to doing the right thing - that is Privacy-by-Design. Building privacy-preserving features into software and big data AI pipelines is the technical solution. Then compliance with the entire tapestry of global regulations will fall into place. We need more software engineers to think about protecting rights and building that into their software architecture design patterns.