Domestic law and policy
Domestic law and policy regarding digital identity exists on a state-by-state basis. No movements have been made to move towards a digital ID system in American Samoa. While the U.S. Congress is currently considering a Digital ID law, that law is currently in the very early stages of the legislative process.[7]
Data Protection
The United States currently does not have a comprehensive data protection and privacy law at the federal level. The law directs certain industries, such as healthcare providers under the Health Insurance Portability and Accountability Act (HIPPA) and financial institutions under the Gramm-Leach-Bliley Act (GLBA), on how to use and protect sensitive data.[8] Industries must limit collection of data of children under the age of 13 and obtain guardian or parental consent before obtaining personal information of underaged children under the Children’s Online Privacy Protection Act.[9]
International Commitments
While the United States is not a party to any international framework, agreement, or treaty that obligates the United States to conduct itself in a certain way regarding digital IDs, the United States is a member of a number of organizations studying the best path forward regarding digital IDs. As a member of the OECD, the United States was a party to a G7 Mapping Exercise of Digital Identity Approaches to inform discussions within the G7 Digital and Technology Working Group.[10] The United States also plays a role in shaping standards in the private sector, including digital ID, with the National Institute of Standards and Technology and the documents they release to shape industry standards.[11]
The United States does not currently violate any obligations through the implementation of the Digital ID system.
