Currently, a drafted piece of data privacy legislation called the American Data Privacy and Protection Act (ADPPA) is going through the US Congress. After some research and discussion, we analyzed what's in the proposed bill.

The bill would:

• ‍Provide for a data minimization requirement. The FTC would determine which types of data collection constitute "reasonably necessary, proportionate, and limited."
• Enable Americans to access their data, request its deletion or correction, and export it elsewhere.
• Prohibit companies from serving targeted ads to children under 16.
• Limit how companies can process and share certain sensitive data.
• Require large data holders to conduct annual civil rights assessments on their algorithms’ impacts and report these to the FTC.

‍There are two aspects of the draft that will likely prove particularly controversial:

• ‍A private right action would take effect four years after enacting the law.
• It allows for the pre-emption of state privacy laws.

The Bill is unlikely to pass this year. However, it will probably serve as a template for legislation going forward. Bipartisan interest in the bill is unusual in a famously divided Congress, and an indication that this is a serious bill. The House Energy and Commerce Committee will hold a hearing on this data privacy legislation issue on June 14.

If you have any questions, please reach out for a free consultation here.