Lawmakers Continue Push for Federal Data Privacy Law
In 2022, the bipartisan, bicameral American Data Privacy and Protection Act (ADPPA) was proposed to introduce a new federal data privacy law to replace the current patchwork of privacy laws that exist at the state level. The legislation progressed further than any previous attempt to introduce a federal data privacy law, advancing past the House Energy and Commerce Committee with a vote of 53-2 to the verge of a House vote. While the ADPPA has strong bipartisan support, it is currently not strong enough for the ADPPA to survive a House vote, with California one of the most vocal states opposing the ADPPA in its current form.
Ahead of a second House Energy and Commerce Committee hearing on March 1, California Governor Gavin Newsom, Attorney General Rob Bonta, and the California Privacy Protection Agency (CPPA) wrote to Congress confirming their opposition to the ADPPA, although they welcomed the need for stronger federal action to protect the privacy of Americans.
The major sticking point for California is the preemption language of the ADPPA, which sets a ceiling rather than a floor for privacy standards. In its current form, the ADPPA would not allow states to introduce stricter privacy protections than those of the ADPPA. California has some of the strictest privacy protections in the United States, so while ADPPA introduces stronger privacy protections than currently exist in many states, it would weaken protections for California residents and could potentially compromise the ability of the CPPA to fulfill its mandate to protect the privacy of Californians.
“National data privacy laws passed by Congress should strengthen, not weaken our existing laws here in California,” said Governor Newsom. “As personal data is routinely bought and sold it is critical that consumers have the ability to consent to the sharing of this information, especially in an era where Roe v. Wade has been overturned and access to personal data can be used in legal proceedings. California has been on the leading edge when it comes to creating new digital technology, but we have also coupled these advances with stronger consumer protections. The rest of the nation should follow our lead.”
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Specifically, Newsom, Bonta, and the CCPA have requested the language be changed to allow states to respond to changes in technology and data collection practices and ensure that the ADPPA is passed without a preemption clause to preserve California’s authority to establish and enforce data privacy protections in the state. However, the preemption was a tradeoff necessary for the ADPPA to get such strong support. The ADPPA is viewed by many as a way to escape the growing burden of complying with state privacy laws, which is becoming unsustainable for small and medium-sized businesses. Federal privacy protections will improve consumer privacy and provide some certainty for small businesses, but if states can introduce more stringent laws, there are fears that businesses will be forced to spend even more of their time on legal and compliance matters.
At the Committee hearing, House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) confirmed that data privacy and security remain a major focus and are vital to ensure America’s global competitiveness edge against China, and the need to rein in big tech firms, protect children online, and put people in charge of their personal data.
“Americans have no say over whether and where their personal data is sold and shared, they have no guaranteed way to access, delete, or correct their data, and they have no ability to stop the unchecked collection of their sensitive personal information,” said McMorris Rodgers. “This isn’t acceptable. Data brokers and Big Tech’s days of operating in the dark should be over. People should trust that their data is being protected.”
The consumer privacy issues at the heart of the matter were discussed by the Committee, including the need to regulate data brokerage and rein in big tech firms. Currently, huge amounts of consumer data are being collected and data brokers are selling data virtually unrestricted and without oversight, and Americans are largely unaware of the extent to which their personal data are being used and sold.
“Members of both parties talk a lot about holding Big Tech accountable, and I firmly believe that the way to do that is by adopting a strong national privacy standard that limits the excesses of Big Tech and makes the digital world safer,” said Energy and Commerce Committee Ranking Member Frank Pallone, (D-NJ), referring to the data broker industry as operating in a shadow world, free from oversight and restriction. “We simply cannot go another Congress without passing comprehensive privacy legislation.”
Progress is being made, but there is still a considerable way to go to build sufficient consensus to get the ADPPA over the line and signed into law this year.