There are some movements in the US to get federal privacy legislation (this is getting more likely now that 4+ states have local legislation). While a lot of the press coverage is about what types of data are regulated, the inside-baseball chatter is much more focused on the how of enforcement. In particular: is there a private right of action? Or in layman's terms: Can I, just some citizen, sue over private violations? This will impact what's actually "allowed" far more than what the law says.
The actual impact of GDPR in Europe is hamstrung by the enforcement mechanisms. All enforcement happens via regulators or government agencies, just like how most CCPA enforcement in California must be undertaken by the Attorney General. Private citizens can lodge a complaint, but cannot actually force action. Despite their increased mandate, most agencies did not receive additional funding post-GDPR and effectively act as a bottleneck to enforcement actions.
(It's even worse because American companies are HQd in Ireland for tax haven purposes, so they get regulated by the Irish agency, which is strategically underfunded so as not to scare away the revenue streams.)
The actual impact of GDPR in Europe is hamstrung by the enforcement mechanisms. All enforcement happens via regulators or government agencies, just like how most CCPA enforcement in California must be undertaken by the Attorney General. Private citizens can lodge a complaint, but cannot actually force action. Despite their increased mandate, most agencies did not receive additional funding post-GDPR and effectively act as a bottleneck to enforcement actions.
(It's even worse because American companies are HQd in Ireland for tax haven purposes, so they get regulated by the Irish agency, which is strategically underfunded so as not to scare away the revenue streams.)