The United States is poised to act on privacy, but its lawmakers cannot agree on what to do. A range of options are now before American lawmakers, nudged by European law including the GDPR, as well as by state laws like the California Consumer Privacy Act (CCPA). America could choose a data protection model like the GDPR in a strong form protective of fundamental rights or in a watered-down “GDPR-lite” version. It could choose to take a consumer protection direction, imposing substantive rules to protect consumer trust. And any federal regime could either pre-empt state law rules or work in tandem with them. Any US privacy regime would also raise important questions of adequacy and interoperability. This panel delves into all of these urgent and important questions.