Bipartisan Congressional Leaders Introduce Federal Data Privacy Bill

Farella Braun + Martel LLP
Contact

Farella Braun + Martel LLP

Senator Maria Cantwell (D-Washington) and Representative Cathy McMorris Rodgers (R-Washington) have presented a draft of a federal data privacy law, the American Privacy Rights Act (APRA). APRA would largely preempt the various state privacy laws enacted over the past few years.

Businesses (whether for-profit or non-profit) would be subject to the law if they:

  • have average annual gross revenues of $40,000,000 or greater over the three previous years;
  • collect, hold, transfer, or process the data of at least 200,000 consumers per year on average; or
  • transfer any consumer personal information for value.

Key provisions of APRA would protect consumers by:

  • limiting the personal information companies could collect, store, and use, requiring such information to be necessary for the company to provide the consumer with goods and services;
  • allowing consumers to prevent the transfer or selling of their information;
  • allowing consumers to opt out of the processing of their data if the company changes its privacy policy;
  • giving consumers the rights to access, correct, delete, and transfer their data;
  • allowing consumers to opt out of targeted advertising;
  • preventing companies from using consumer information to discriminate;
  • allowing consumers to opt out of a company’s use of algorithms for eligibility for housing, employment, healthcare, credit opportunities, education, insurance, or access to places of public accommodation;
  • requiring strong data security standards for which company executives will be accountable; and
  • requiring companies to notify consumers when their data is transferred to foreign adversaries.

Notably, not only would the FTC and state AGs have enforcement power, but APRA creates a private right of action. This is in stark contrast to most state laws, such as California's CCPA, which provides a private right of action only in connection with a data breach.

APRA makes some nods to existing state laws, giving consumers certain claims regarding biometric information in Illinois and California residents the ability to recoup statutory damages for data breach claims as permitted under the CCPA.

The likelihood of the bill's becoming law is unknown at this point, but should come clear in the coming month as it makes its way through committee.

The American Privacy Rights Act gives Americans fundamental, enforceable data privacy rights, puts people in control of their own data and eliminates the patchwork of state laws

republicans-energycommerce.house.gov/...

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Farella Braun + Martel LLP

Written by:

Farella Braun + Martel LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Farella Braun + Martel LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide