At the state level, California, Colorado, and Virginia have enacted broad privacy regulations, some modeled on Europe’s data protection act, GDPR (General Data Protection Regulation). The appearance of a patchwork of state laws can sometimes make federal regulation nearly inevitable, as the regulated companies themselves eventually start wishing for simple uniformity. Unfortunately, according to many experts, companies often aim to subvert the process by proposing intentionally toothless legislation.