Currently, a drafted piece of data privacy legislation called the American Data Privacy and Protection Act (ADPPA) is going through the US Congress. After some research and discussion, we analyzed what's in the proposed bill.
The bill would:
• Provide for a data minimization requirement. The FTC would be charged with determining what sort of data collection is considered “reasonably necessary, proportionate, and limited.”
• Give Americans the ability to access their data, request that it be deleted or corrected, and export it elsewhere.
• Prohibit companies from serving targeted ads to children under 16.
• Limit how companies can process and share certain sensitive data.
• Require large data holders to conduct annual civil rights assessments on their algorithms’ impacts and report these to the FTC.
There are two aspects of the draft that will likely prove particularly controversial:
• It provides for a private right action that would take effect four years after the law is enacted.
• It allows for the pre-emption of state privacy laws.
The Bill is unlikely to pass this year but will probably serve as a template for legislation going forward. Bipartisan interest in the bill is unusual in a famously divided Congress, and an indication that this is a serious bill. The House Energy and Commerce Committee is set to hold a hearing on the issue on June 14.
If you have any questions, please reach out for a free consultation here.
The European Commission’s announced in December that it has begun its process to adopt an adequacy decision for the EU-U.S. Data Privacy Framework (the Framework). Companies seeking to transfer data from countries in the European Union to the United States will need to take steps to be in alignment with this new change.