A proposal for comprehensive digital privacy policy, one of the most contentious matters of the online era, is being floated in Congress by lawmakers in key positions to get it enacted. If passed, the bipartisan measure will mean big changes not just for consumers and tech businesses but also for federal and state privacy regulators.
The discussion draft, called the American Privacy Rights Act, would set a first-of-its-kind national rule for how companies can collect, use, and move a consumer’s data. It would also allow users to opt out of targeted advertising, access and delete their data, and take their data with them to other digital businesses. Larger social media platforms and companies dealing in sizable amounts of data would face heightened scrutiny under the law, while businesses with less than $40 million in annual gross revenue would be exempt from the proposal’s requirements.
Crucially, the proposal addresses what have been logjams in previous efforts: federal preemption of state privacy laws and a private right of action. Senate Commerce Committee Chairwoman Maria Cantwell (D-WA) and House Energy and Commerce Committee Chairwoman Cathy McMorris Rodgers (R-WA) released the draft bill and hope it contains enough concessions to gain both Republican and Democratic support.
Congressional Republicans may favor the proposal’s preemption of state privacy laws, including California’s strictest in the nation. In the absence of a federal rule, companies doing business in multiple states often comply with the most severe state regulatory regime rather than accommodating a patchwork of different rules state by state.
In a statement, the CEO of the Consumer Technology Association, Gary Shapiro, praised the draft bill. “We support a national privacy standard that preempts state laws, providing legal clarity for companies to operate and consistent protections across state borders for consumers,” he said. Most of the industry has long called for certainty and a unified rule on privacy.
Democrats may be pleased with the private right of action in the proposal, allowing users to pursue damages in court if companies violate the new law. It remains to be seen if those concessions bring support from members of both parties or give them cause to stay away.
Industry is still absorbing the details of the plan. Sarah Barrows, global head of privacy and product counsel for NextRoll, a digital marketing company, told the Washington Examiner that any “dreaded right of private action” included in any proposal “should be laser-focused on encouraging compliance and rectifying actual harm to actual American citizens and not to a plaintiff’s bar rubbing their hands together in glee.” She added that the APRA “does seem to strike a balance by limiting this right with a notice to cure in cases alleging harm, requiring pleading and evidence of harm.”
Privacy matters have been driving actions in varied policy areas lately. Concerns over U.S. user data ending up in the hands of the Chinese government helped pass the “divest or be banned” law against TikTok last month. In a separate bill, passed just days later, the House voted 414-0 to make the sale of American user information from data brokers to adversarial countries illegal.
The Federal Communications Commission recently fined AT&T, Sprint, T-Mobile, and Verizon nearly $200 million for allegedly illegally sharing access to customers’ location data. Interestingly, under the APRA, the FCC would be stripped of that authority, instead empowering the Federal Trade Commission with oversight of data privacy matters.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
But the fate of the APRA remains unknown. The bill has yet to be introduced and must pass both chambers before President Joe Biden can sign it into law. Biden has stated his support for federal privacy action but has largely focused on children’s safety concerns online. With the election looming increasingly largely in the minds of elected officials, the shot clock is running down on passing any legislation. An additional challenge is that one of the bill’s assumed sponsors, McMorris Rodgers, plans to step down from Congress in January.
This time crunch may make it harder to refine the details of the bill and get industry on board. Barrows noted, “The uncertainty and overreaching of sloppy drafting creates an undue and significant burden on businesses who may want to comply but cannot afford it or take the risk of getting it wrong and having their compliance efforts thwarted.”
