Currently, a drafted piece of data privacy legislation called the American Data Privacy and Protection Act (ADPPA) is going through the US Congress. After some research and discussion, we analyzed what's in the proposed bill.
The bill would:
• Provide for a data minimization requirement. The FTC would be charged with determining what sort of data collection is considered “reasonably necessary, proportionate, and limited.”
• Give Americans the ability to access their data, request that it be deleted or corrected, and export it elsewhere.
• Prohibit companies from serving targeted ads to children under 16.
• Limit how companies can process and share certain sensitive data.
• Require large data holders to conduct annual civil rights assessments on their algorithms’ impacts and report these to the FTC.
There are two aspects of the draft that will likely prove particularly controversial:
• It provides for a private right action that would take effect four years after the law is enacted.
• It allows for the pre-emption of state privacy laws.
The Bill is unlikely to pass this year but will probably serve as a template for legislation going forward. Bipartisan interest in the bill is unusual in a famously divided Congress, and an indication that this is a serious bill. The House Energy and Commerce Committee is set to hold a hearing on the issue on June 14.
If you have any questions, please reach out for a free consultation here.
While bipartisan legislation to establish a federal privacy law in the United States – the American Data Privacy and Protection Act – moves through Congress, the Federal Trade Commission (FTC) has now taken steps to address existing and emerging issues related to commercial data and to consider the possibility of updating requirements.