The European Union launched GDPR in 2018, immediately casting the U.S. to the also-ran position when it comes to protecting consumer data rights.

Since GDPR went into effect, only California has successfully passed a comprehensive data privacy law. Just 14 states formally introduced a data privacy law and if it were up to big tech, the fewer the states, the better.

Companies are holding out for a federal privacy law, and for good reason. A federal data privacy law would streamline compliance across the 50 states and its territories. It would also allow companies to lobby on Capitol Hill.

A successful data privacy law allows for adequate consumer protection without stifling industry innovations; compliant companies should be able to answer these questions:

• How is consumer data collected and used?
• How is the data stored?
• What are a company's ethics in terms of data collection?
• What is the process for copying or deleting data upon verifiable request from consumers?

Here, CIO Dive tracks the states pursuing data privacy laws. For each state, there is a brief description of the law's requirements, its status and a link to the original law.

CIO Dive will mark a bill as "passed" if it clears legislative hurdles without significant modifications that detract from its intent as comprehensive data privacy legislation.

Want to know when a new state data privacy law is passed? Sign up for our newsletter to get an updated version of this tracker when a law surfaces. Have a question or comment? Email us.