Which level is better placed to provide efficient data protection – the federal or the state level? This question is topical both in the United States and in the European Union. In the US, there are concerns regarding the increased fragmentation of American data privacy law and the lack of relevant federal consolidation. In the EU, the proposed General Data Protection Regulation (GDPR) supposed to replace the Directive of 1995 was met with opposition regarding the “over-centralization of powers” in the European institutions.