A bipartisan US federal data protection law has been drafted by two US lawmakers, aiming to codify and enforce privacy rights for all US citizens.
Congresswoman Cathy McMorris Rodgers (R-WA 5th District) who is the House Committee on Energy and Commerce Chair, and Senator Maria Cantwell (D-WA), the Senate Committee on Commerce, Science and Transportation Chair, unveiled the draft legislation on April 7, 2024.
They have dubbed the draft bill the American Privacy Rights Act.
The national law aims give US citizens greater control over their personal data, limiting the ability of big tech firms to process, transfer and sell such information.
It also mandates stronger cybersecurity standards for organizations to protect personal data they hold from being hacked or stolen, giving enforcement powers to the Federal Trade Commission (FTC), States and individuals for any violations.
Key provisions in the draft Act include:
- Minimizing the data that companies can collect, keep, and use about people, of any age, to what companies actually need to provide them products and services
- More powers for citizens to control how their personal data is used, such as preventing the transfer or selling of their data, opting out of data processing if a company changes its privacy policy, and
- Requiring organizations to obtain express consent before sensitive data can be transferred to a third party
- Banning companies from using people’s personal information to discriminate against them in decisions about housing, employment, healthcare, credit opportunities, education, insurance, or access to places of public accommodation
- Giving individuals the right to sue organizations who violate their privacy rights
- Mandating strong data security standards that will prevent data from being hacked or stolen
- Authorizes the Federal Trade Commission, States, and consumers to enforce against violations
Rodgers commented: “This landmark legislation gives Americans the right to control where their information goes and who can sell it. It reins in Big Tech by prohibiting them from tracking, predicting, and manipulating people’s behaviors for profit without their knowledge and consent. Americans overwhelmingly want these rights, and they are looking to us, their elected representatives, to act.”
Federal Privacy Law to Eliminate “Patchwork” of State Acts
The need for a US national privacy law, based on similar principles to the EU’s General Data Protection Regulation (GDPR), has been discussed by experts for several years.
Currently, a handful of US states have passed their own data privacy laws, including California, Virginia, Connecticut and Utah.
On April 6, 2024, the Maryland General Assembly passed its own equivalent law, the Maryland Online Data Privacy Act of 2024. This Act is awaiting sign off from the state Governor at the time of writing.
However, this patchwork of legislation means that different US citizens have been afforded different levels of data privacy protections across the nation. Additionally, inconsistent state rules in this area has created additional burdens for businesses who operate nationwide, who have been forced to establish separate, highly-specific protocols for relatively small collections of users in different states.
Rodgers and Cantwell said that their draft legislation represents the best opportunity in decades to establish a national data privacy and security standard in the US.
“This landmark legislation represents the sum of years of good faith efforts in both the House and Senate. It strikes a meaningful balance on issues that are critical to moving comprehensive data privacy legislation through Congress. Americans deserve the right to control their data and we’re hopeful that our colleagues in the House and Senate will join us in getting this legislation signed into law,” they stated.