Josh Gindis

The Commerce Clause of the Constitution dictates that Congress shall maintain the right to regulate commerce not only between nations, but between states, establishing a framework for federal oversight of economic activity that transcends state borders. [1] This power was affirmed and cemented into law in the landmark case of Gibbons v. Ogden, in which the Supreme Court established federal supremacy in the matter of laws pertaining to interstate trade, which was broadly defined to encompass goods, services, and even navigational rights. [2] Since this ruling laid the foundation of the federal governments’ role in economic regulation, its scope has widened as it evolves in the face of modern challenges. Today, the interstate flow of data fits squarely within the purview of Congress’s regulatory reach—and yet, there is no unified federal approach to the regulation of data, its handling, and the privacy concerns that surround it. Not only does this leave individuals in states lacking their own legislation on this issue unprotected, but the disunified patchwork of state laws that businesses dealing in data must comply with is a hindrance to economic growth and technological innovation. The federal government ought to exclusively regulate data, preempting state laws regarding this matter, in accordance with the standard set by the Commerce Clause and the countless precedents thereby derived.

Data is unlike traditional commodities: it is intangible, infinitely replicable, and nearly always multilocational. [3] A single piece of data produced in New York may find itself processed on a server in Ohio, held in a data storage facility in Virginia, before being accessed by a user in California, duplicated for backup in Singapore, and analyzed by an algorithm in Bangalore—all within moments of its creation. This fluidity complicates traditional notions of ownership and jurisdiction, as data transcends physical boundaries and exists simultaneously in multiple places, often leaving a trail of copies that evolve independently over time. Distributed systems host this data not just for convenience, but to ensure its integrity, to reduce latency, and to safeguard it against technical failures, server crashes, or natural disruptions. As of 2025, over 400 million terabytes of data are created each day worldwide. [4] Such a dynamic, abundant, and ambiguous commodity defies containment within the regulatory grasp of any single state. Yet, paradoxically, we have entrusted the right and responsibility of its regulation to individual states, resulting in a fragmented approach unequipped to manage a good fundamentally intertwined with global systems. Navigating compliance with fifty–or more–state frameworks, rather than a single unified standard, imposes unnecessary complexity, stifling economic efficiency and innovation. The case for federal regulation of data, however, is not only a pragmatic one; it is firmly rooted in core constitutional law precedents regarding interstate trade.

The Supreme Court’s decision in the case of Heart of Atlanta Motel v. United States is a prime example of federalism, which ruled that a motel cease its racially discriminatory practices despite their legality under Georgia’s state segregation laws. [5] This ruling hinged on the motel’s position at the intersection of two interstate highways, and its consequent popularity as a place of lodging for out-of-state clientele. This indicates that the relevance of the Commerce Clause is dependent, at least in part, on the nature of the goods or services that Congress seeks to regulate, rather than solely on whether they explicitly cross state borders. Just as a motel may fall under federal jurisdiction when its business practices influence another state, privacy becomes the responsibility of Congress when data must cross state borders. As data is—as established—a fundamentally interstate good, like the motel, it falls within the purview of the regulatory arm of the federal government by merit of its very nature. Even if a particular piece of data doesn’t explicitly cross state lines, data functions by taking advantage of interstate channels.

This argument is bolstered by the precedent set in Wickard v. Filburn, a pivotal case that expanded federal authority under the Commerce Clause. [6] The court ruled that a farmer growing crops in excess of a government quota, even for personal use and not for commercial ends, could be in violation of the Interstate Commerce Act if their activities would have a substantial effect on interstate trade in aggregate. The decision established that activities that local, economically insignificant activities, can collectively influence national markets when aggregated across many individuals. This principle extends to data-related transactions and business activities, with those that are seemingly confined within state lines still being subject to Congress’s authority. For instance, a company which processes data in an exclusively intrastate fashion may still feed into larger digital supply chains. This may affect pricing, competition, or resource allocation, not just in the location of its occurrence, but nationwide. Just like a solitary farmer’s wheat, the usage of data can have widespread impacts on economic dynamics across large regions. Thus, Wickard v. Filburn provides a constitutional basis for the federal regulation of data, even when it does not explicitly play a role in interstate trade.

This is not to say that every activity that crosses state lines is subject to federal regulation. On the contrary, United States v. Lopez rejected congressional authority over an instance of illegal activity which allegedly affected interstate trade. [7] In doing so, the Supreme Court set standards limiting the application of the Commerce Clause. The Court reasoned that the activity in question lacked a clear economic dimension. This is a standard which has been repeatedly applied to cases of federal overregulation under the Commerce Clause: from Lopez to United States v. Morrison, which curtailed Congress’s jurisdiction over gender-motivated violence law with the same justification, and more. As a result, alleged interstate trade violations face stricter scrutiny under standards that require they be of a distinctly economic nature and demonstrate a substantial effect on interstate commerce. The global big data market is currently valued at an estimated 327.26 billion dollars and is projected to grow rapidly. [8] Data is of essence to modern business operations, driving decision-making, upping efficiency, and ingratiating itself into every sector of the economy. The handling of data and the laws governing its use, storage, and transfer extend far beyond a question of technology or privacy; instead, they are deep-rooted economic issues with a more substantial impact on interstate trade than perhaps any other modern commodity. Though data’s impact on the economy is evident, the standard of substantial effect requires the fulfillment of two additional criteria: rational basis and aggregate impact. The latter has already been evaluated: regulations on data surely affect interstate trade in the aggregate. The former, rational basis, is the least stringent of the three requirements for the demonstration of substantial effect and has been demonstrated by prior argumentation. In meeting the qualifications of substantial effect, this distinguishes the possibility of federal data regulation from the instance rejected by the Court in Lopez, satisfying the criteria set forth for the exercise of the Commerce Clause.

Even under a theoretical unified federal data regulation mechanism, states could attempt to implement privacy protections to supplement existing standards. Such supplementary protections have been upheld in other industries, namely, the case of National Pork Producers Council v. Ross., in which the Court examined the constitutionality of California law regulating the conditions of livestock pigs. The plaintiff alleged that California’s regulations—which surpassed the federally mandated standards—imposed a substantial negative effect on interstate trade. Though the economic impact of the law was beyond dispute, this argument ultimately proved ineffective. The Court ruled that the legislation served the interests of the rights of the state’s consumers such that its benefits outweighed the harmful effect on commerce between states. [9] The precedent established by this case would allow states to regulate data beyond federal protections. As this could negate the positive economic impact of the nationwide standardization federal legislation would provide, Congress would be incentivized to ensure the federal standard on data regulation would contain sufficiently strong consumer protections to maintain its ability to preempt states and prevent them from establishing individual laws which would nullify the purpose of a uniform standard. 

A federal approach to data regulation might draw on existing interstate commerce frameworks. For example, the Unified Commercial Code (UCC) fulfills a similar function by standardizing contract law between the states. [10] Though the UCC likely could not have been established federally due to 10th Amendment protections and the precedent in Lopez, it serves to achieve the same goals that a federal data law would: the fostering of economic growth through legal unification. A Congressional data regulation might more closely resemble the standardized regulation of the FAA or FCC, which ensures that aviation safety laws and telecommunications connectivity are consistent nationwide. [11] Historical parallels, like the federal standardization of railroad gauges in the 19th century, illustrate an instance of centralized regulation of interstate systems as a means of eliminating inefficiencies, thereby spurring progress and growth. [12] By building on such models, Congress could craft legislation that not only preempts the current patchwork state laws but also incorporates robust protections for consumers whose states currently do not adequately address issues such as individual privacy and cybersecurity. The Commerce Clause was penned to unify the nation’s economy; to ensure that the states are not a loose collective of independent entities, but a unified republic of states whose economies should be tightly intertwined, each one without prejudice to the other. This clause demands a federal response to the interstate reality of data. 

[1] U.S. Const. art. I, § 8, cl. 3.

[2] Gibbons v. Ogden, 22 U.S. 1 (1824)

[3] Nigel Cory, How Barriers to Cross-Border Data Flows Are Spreading Globally, What They Cost,

and How to Address Them, Info. Tech. & Innovation Found. (July 19, 2021), https://itif.org/publications/2021/07/19/how-barriers-cross-border-data-flows-are-spreading-globally-what-they-cost/.

[4] Exploding Topics, How Much Data Is Created Every Day in 2025?,

https://explodingtopics.com/blog/data-generated-per-day# (last updated Mar. 25, 2025).

[5] Heart of Atlanta Motel, Inc. v. United States, 379 U.S. 241 (1964)

[6] Wickard v. Filburn, 317 U.S. 111 (1942).

[7] United States v. Lopez, 514 U.S. 549 (1995)

[8] Grand View Rsch., Big Data Market Size, Share & Trends Analysis Report By Component, By Hardware, By Software, By Service, By Application, By End Use, By Region, And Segment Forecasts, 2024 - 2030 (2024), https://www.grandviewresearch.com/industry-analysis/big-data-industry.

[9] National Pork Producers Council v. Ross, 598 U.S. ___ (2023)

[10] Unif. L. Comm’n, Uniform Commercial Code, https://www.uniformlaws.org/acts/ucc (last visited Apr. 1, 2025).

[11] Yale Env’t Ctr., Clearing the Air: Navigating Commerce Clause Complexities in Federal Environmental Regulation (Oct. 30, 2023), https://envirocenter.yale.edu/posts/2023-10-30-clearing-the-air-navigating-commerce-clause-complexities-in-federal-environmental.

[12] Railroad Gauges, Standardization of, Encyclopedia.com, https://www.encyclopedia.com/history/encyclopedias-almanacs-transcripts-and-maps/railroad-gauges-standardization (last visited Apr. 1, 2025).