In what is being called the American Privacy Rights Act (Act), some are suggesting this could be the one! For many years, Congress has been unable to come together to craft a national privacy law. There have been several snags, including whether to preempt state privacy laws and whether to provide a private right of action. However, it looks like House Energy and Commerce Chair Cathy McMorris Rodgers (R-Wash.) and Senate Commerce Chair Maria Cantwell (D-Wash.) may have come to terms on such a law.
As reported in Bloomberg, the two lawmakers noted:
“This bipartisan, bicameral draft legislation is the best opportunity we’ve had in decades to establish a national data privacy and security standard that gives people the right to control their personal information,” Rodgers and Cantwell said in a statement on Sunday. “Americans deserve the right to control their data and we’re hopeful that our colleagues in the House and Senate will join us in getting this legislation signed into law.”
Following the enactment of the California Consumer Privacy Act, many states have followed California’s lead including, most recently, New Jersey, New Hampshire, and Kentucky. The state laws are quite similar in structure – a broad definition of personal information, duties for businesses/controllers and service providers/processors (e.g., notice, policy, safeguards, data minimization), and greater rights and transparency for consumers concerning their personal information (e.g., opt out of sale, deletion, correction, etc.). However, there are differences state to state.
Still at the early stages, the Act attempts to push through the challenges of prior failed efforts and remedy the patchwork of state privacy laws. The draft legislation includes a private right of action and a state law preemption provision, while also including many of the same rights for consumers now enjoyed by residents of some states. A section by section summary provides more details.