A federal privacy law all but stalled in congress since 2022. But this week saw a sudden flurry of activity on Capitol Hill. In an unexpected turn of events, news of proposed bipartisan legislation in the United States that would establish a comprehensive national privacy standard sent shockwaves through the privacy arena.
The proposed American Privacy Rights Act, introduced on Sunday by U.S. Rep. Cathy McMorris Rodgers, R-Wash., and Sen. Maria Cantwell, D-Wash., would significantly alter how organizations collect, process, and share personal information and set a high standard for data minimization practices. Interestingly, McMorris Rodgers and Cantwell are the respective chairs of the House and Senate committees. Before any prospective floor vote, each committee must approve the bill.
Many are still digesting the 53-page discussion draft.
Most who have studied the new proposal agree that the APRA is very similar to its ADPPA predecessor.
What’s In It?
The American Privacy Rights Act (APRA) would allow Americans to opt out of targeted advertising. They would also have the right to view, correct, export, or delete personal data and prohibit its sale or transfer. The act would establish a national registry of data brokers who buy and sell personal information and require those organizations to allow people to opt out of having their data collected and shared.
The proposal is similar to the ADPPA, but some child-specific aspects that were included in the ADPPA were removed in the new measure. This may be due to the concurrent congressional legislation on a so-called “COPPA 2.0” and a separate Kids’ Online Safety Act.
Bumpy Road to Federal Privacy Law
California’s newest privacy regulator has opposed the law. In comments submitted to the IAPP and later made public, California Privacy Protection Agency Executive Director Ashkan Soltani, whose agency enforces the California Privacy Rights Act, stated that the CPPA is evaluating the bill but is “disappointed that the proposed approach to preemption is substantively the same as the (American Data Protection and Privacy Act’s), which the CPPA Board voted to oppose.”
In 2022, the CPPA, together with Congressional legislators from California, most notably then-House Speaker Nancy Pelosi, D-Calif., opposed the ADPPA due to its preemption provisions, ultimately delaying the bill by denying a floor vote.
Though no hearings are currently set, Keir Lamont stated that stakeholders are already discussing the draft, and he anticipates a formal measure “maybe in the next month,” but it is unclear whether it would be introduced in the House or Senate.
Meanwhile, states continue to fill the void that may soon be filled by federal privacy legislation. Maryland approved a comprehensive privacy bill and is awaiting the governor’s signature. That’s the third state this year, following New Jersey and New Hampshire.
This is a historical milestone. Centraleyes is following the developments carefully.
Stay tuned!