A leading voice in the intricate dance between federal policy and state legislation, Donald Gainsborough of Government Curated joins us to unravel one of the most pressing issues of our time: the escalating conflict over data privacy. As federal agencies intensify their demands for sensitive resident information, states are responding with a flurry of new laws and lawsuits, creating a complex and high-stakes battleground. Today, we’ll explore the shifting legal pressures states are facing, compare the diverse legislative shields they are raising in their defense, and examine the fundamental legal arguments that will shape the future of privacy and federalism in America.
The 2017 election integrity commission was met with state resistance, but now requests are coming from formal agencies like the Justice Department. Can you elaborate on the key legal differences here and explain, step-by-step, how this changes the kind of pressure states are currently facing?
That’s the absolute crux of the issue, and it’s a night-and-day difference in the kind of pressure state officials are feeling. The 2017 commission was, legally speaking, a rather toothless entity. As policy experts like Thessalia Merivaki have pointed out, a presidential advisory commission simply lacks the legal standing to compel a state to do anything. States could, and did, push back, and the commission eventually folded under legal and public pressure. But now, the game has changed entirely. When a request for voter rolls or benefit program data comes from a formal agency like the Justice Department, it carries the full weight of the federal government. There’s an implied threat of firmer legal ramifications for noncompliance. It’s no longer a political suggestion; it feels like a legal mandate, which forces states to move from simple defiance to constructing robust, legally defensible fortifications for their data.
We’re seeing different legislative strategies, from Connecticut’s broad ban on location data disclosure to Illinois’ specific law protecting student immigration status. Can you compare these approaches and share any anecdotes or early metrics on which type of law offers a stronger defense in practice?
It’s a fascinating tactical split that reveals different philosophies of protection. Think of Connecticut’s law as building a fortress. Passed in November, it creates a broad prohibition on disclosing any information that could pinpoint a person’s location, whether it’s their address, their work hours, or even an appointment with a public agency. It’s a proactive, preventative strategy. Illinois, on the other hand, has forged a targeted shield. Their new law is incredibly specific, prohibiting schools from disclosing a student’s immigration status to law enforcement. This is a surgical strike designed to protect a particularly vulnerable group in a sensitive environment. As Maddy Dwyer from the Center for Democracy and Technology has noted, both are part of a growing trend. While we don’t have long-term metrics yet, the Connecticut model is gaining traction because it attempts to solve the problem at the source by impeding the collection and voluntary sharing of sensitive data in the first place, rather than just fighting over it after the fact.
Connecticut’s law is interesting because it aims to prevent the collection of certain data in the first place. Could you walk us through a specific scenario that shows how this “collection-blocking” strategy provides a more robust defense than simply refusing to share data a state already holds?
Absolutely. Let’s imagine a scenario where a federal immigration agency requests a list of all individuals who have appointments at a state-run health clinic, suspecting that some may be undocumented. In a state that simply has a policy of refusing to share, that data still exists on a server somewhere. The state is then in a defensive legal battle, arguing over whether it must turn over information it possesses. Now, consider the same request in Connecticut. The state agency can respond by saying it is legally banned from disclosing that information. The law prevents them from sharing nonpublic “information that provides the date, time or place where such individual may be located.” It’s a much stronger position. The defense is no longer a discretionary choice but a statutory obligation. It fundamentally alters the dynamic, making the data legally untouchable from the outset rather than something to be guarded under siege.
With over 20 states now filing lawsuits against federal efforts to access benefit program data, what are the primary legal arguments they are making? Could you outline the core constitutional or statutory claims being used to challenge this federal overreach?
The core of the argument across these lawsuits—and we’ve seen more than 20 states file them—is a direct challenge to federal overreach. States are essentially arguing that the federal government is demanding access to highly sensitive data, like Social Security numbers and addresses from programs like SNAP, for purposes completely unrelated to why that data was collected. The information was provided by residents to receive food or medical assistance, not to facilitate immigration enforcement. The states are positioning themselves as the rightful custodians of this data, arguing that the federal government is exceeding its statutory authority. They are fighting to protect the integrity of these benefit programs and the trust of their residents, asserting that compelling them to share this data for unrelated enforcement actions is an abuse of federal power.
What is your forecast for this ongoing battle over state data privacy? Considering the mix of new state laws and aggressive federal requests, which side do you believe has the upper hand heading further into 2026, and why?
Looking ahead to the rest of 2026, I believe the states have the momentum and, therefore, the upper hand. The federal pressure is immense and legally potent, but the state-level response has been surprisingly swift, coordinated, and multi-faceted. We saw nearly 80 bills addressing data privacy introduced across 29 states just last year—that’s not a scattered defense; it’s a nationwide movement. Furthermore, there’s a powerful precedent here from the successful pushback against the 2017 commission. What gives me the most hope is the coalition that’s forming: public interest advocates, state benefit administrators, and governors are banding together. While the federal government has powerful tools, the states are building a legal and legislative bulwark, brick by brick. They are fighting on their home turf, defending their own residents, and that gives them a resolve that I believe will be the defining factor in this conflict.
