The USA has formally commenced the legislative process for its Federal Privacy Law the American Data Privacy and Protection Act (“ADPPA”), which—if passed—would represent the United States’ first all-encompassing federal privacy law.
What stage is the legislation at?
June 23rd 2022 was designated as the day the U.S. House Energy and Commerce Committee’s Subcommittee on Consumer Protection and Commerce debated the bill and questioned a panel of eight witnesses during the allocated three-hour session time.
Having listened and paid regard to those discussions, the ADPPA bill was formally introduced into the House of Representatives reference (H.R 8152) by three republican and two Democratic representatives.
At long last, the tide is changing in favour of federal privacy law and is now being treated with greater importance and supported by both sides of the house.
The current mishmash of state-level privacy laws could yield to an ADPPA law that ensures that no matter where a consumer resides, they will have uniform rights over how their data is collected used, retained and shared.
The optimists are signalling that the law could be enacted as early as the end of 2022.
What Data Laws are in place at the moment?
Comprehensive US Data Laws
a) California – CCPA and the soon-to-be CPRA
b) Colorado – The Colorado Privacy Act including the Colorado Consumer Protection Act (CCPA)
c) Connecticut – The Personal Data Privacy and Online Monitoring Act;
d) Utah – CPA
e) Virginia – CDPA
Other states have enacted their own privacy laws but fall short of being comprehensive mostly covering data breach reporting. or are considering the introduction of state privacy laws to protect state residents from misuse of their data.
Are there any other laws to consider concerning data?
Yes specific industry laws that protect data and the rights of individuals are
a) HIPAA
b) FCRA
c) FERPA
d) GLBA
e) ECPA and
f) COPPA
The above regulations were enacted for specific purposes but have their limitations as they are based on the data controllers that collect and process the data. The new federal law aims to fill the gaps that these specific laws have produced over time, that have become outdated
Who is Covered by the new proposed ADPPA Law?
The definition of a covered entity under the ADPPA is an organisation that “collects, processes, retains, and transfers covered data and fall under the Federal Trade Commission Act,” in addition to non-profit organizations and common carriers. “
What is Covered data?
The definition under the ADPPA is described as any “information either alone or together with other information identifies or is linked or is linked to an individual or identifies or is linked to a device owned by that individual .in unique identifiers.
But there is one huge Exemption
Both Employee data, and data that is publicly available do not qualify as being “covered data.”
As a data privacy professional, I think this is a big mistake.
Sensitive Personal data
Under the ADPPA sensitive covered data, includes
Government Identifiers such as
a) Social Security numbers
b) Driver’s license numbers
Other Categories
a) health,
b) geolocation,
c) financial,
d) log in,
e) Racial, and
f) sexual information.
Sensitive covered data may also go as far as including new classifications such as
a) television viewing data,
b) intimate images, and “
c) information identifying an individual’s online activities across third-party websites or online services.”
Who would enforce the ADPPA?
At this point in time, it is understood to be the FTC, state attorneys general office,
A privacy right of action carried out by an individual would permit any individual to file a lawsuit in federal court seeking compensation or redress including damages, injunctive or declaratory relief, including legal fees
We will provide more information as it passes through the house.