The US Congress is closer than ever to passing a sweeping law that would establish national standards for how technology companies collect and use the personal data of American citizens. The proposed legislation, known as the ADPPA (The American Data Privacy and Protection Act), is set to replace state-by-state laws, including California's pioneering California Consumer Privacy Act.
The ADPPA aims to establish comprehensive privacy protections for Americans by setting standards for data collection and use across industries. The legislation would leave in place sixteen key areas where specific laws exist, including civil rights, criminal information, student and employee privacy, data leak notification requirements, facial recognition, and financial and health records.
The bill builds on the key principles of the EU's General Data Protection Regulation (GDPR), including the right for users to receive their personal data, correct or delete their data, and expanded privacy rights for minors.
If passed, the ADPPA would require companies to minimize the amount of data they collect and only collect information necessary for the functioning of their businesses. Users would be allowed to request their personal data, and companies would be required to notify third parties of any changes.
The privacy rights of minors would be expanded, including a ban on companies distributing targeted advertisements to users under the age of 17. The data collected could not be used as a basis for discrimination based on race, sex, religion, and other protected characteristics.
The House Energy and Commerce Committee has voted on the amended version of the law, which was presented as a bipartisan bill, and won an absolute majority of 53-2.
The last time Congress seriously debated comprehensive federal privacy legislation was two decades ago, making this development a significant step towards better privacy protection for Americans.
However, the law may not pass without the support of Senator Maria Cantwell, the chairwoman of the Senate Commerce Committee. Cantwell has called for stricter enforcement measures, including limits on forced arbitration and a broad right for individuals to sue companies that violate the law.
While the House committee made some changes in response to Cantwell's objections, it remains to be seen whether they will be enough to win her support.
The original bill delayed the "private right to sue" for four years, giving companies and regulators time to adjust. Still, the period was cut in half to two years during the last debate. If the law passes, it would be a significant win for privacy advocates in the US and bring data protection laws more in line with those of the EU.
Comments