New federal privacy bill called a ‘consensus’ of existing state laws

Richard Sharrocks via Getty Images

Featured eBooks
Artificial Intelligence and Efficiency
Changing Workforce
Future of Tech Infrastructure
Insights & Reports
TDM modernization: An action plan for the copper sunset
Presented By Lumen
Download Now
Accessible PDFs Made Easy: A Compliance Guide for State & Local Governments
Presented By CivicPlusNEW
Download Now
Chris Teale By Chris Teale,
Managing Editor, Route Fifty

By Chris Teale

|

Congress is trying again for a national data privacy standard that would preempt current regulations in 22 states, but opponents argue a patchwork is better than this effort.

After multiple failed attempts, the House is once again trying to pass a national data privacy law, and proponents argue that this one can succeed where the rest have failed.

Rep. John Joyce, a Pennsylvania Republican and the leader of the House Energy and Commerce Committee’s Data Privacy Working Group, introduced the Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act, known as the SECURE Data Act, in April.

Lawmakers and expert witnesses got their first chance this week to debate the new legislation, and many argued that it takes the most positive aspects of the 22 state-level data privacy laws and codifies them into a national standard. States have legislated in the absence of Congressional action with various laws, whether they be comprehensive data privacy laws or focused on narrower issues like data security.

Related articles

Congress tries again on national preemptive data privacy law

State privacy officers persist despite limited resources, report finds

New ‘quirks’ could make states’ privacy laws impossible to follow, experts worry

“The SECURE Data Act takes the best ideas of the state privacy laws and incorporates many of the ideas developed over the past several years,” said Rep. Gus Bilirakis, a Florida Republican who chairs the Subcommittee on Commerce, Manufacturing, and Trade, during his opening statement. “It seeks to establish meaningful consumer protections while creating a uniform national standard that promotes innovation, economic growth and regulatory certainty.”

Supporters said the new bill incorporates various positive aspects and requirements from existing state privacy laws, including protecting consumers’ ability to exercise control over their personal data; having heightened safeguards for processing sensitive data; requiring disclosures to consumers; placing restrictions and obligations on service providers; and setting data security requirements.

“Equally important, however, is that these agreed upon privacy protections are effective,” Tyler Bridegan, a partner in the Privacy and Cybersecurity team at the international law firm Womble Bond Dickinson LLP and a former director of privacy and technology enforcement for the Texas Attorney General’s Office, said in written testimony. “When enforced properly, these requirements provide a powerful tool for consumers and government regulators alike.”

Others noted the bipartisan nature of those state-level privacy laws and applauded that the SECURE Data Act uses a similar structure. 

Kate Goodloe, managing director at the Business Software Alliance technology trade group, said it is built on a “core set of rights for consumers,” based on the consensus that they should be able to access, correct, or delete their data, and have the right to opt out of their data’s sale.

Having a strong foundation in state laws that have already passed means this latest effort should be less likely to flounder, she said, as lawmakers in state legislatures have already shown what is possible.

“In the past, efforts to draft comprehensive federal privacy legislation started from a blank slate, without the benefit of a consensus to emerge from the states,” Goodloe said in written testimony. “But the landscape of American consumer privacy laws is no longer blank. Four years ago, when this Committee advanced a comprehensive privacy bill to the full House of Representatives, just one state privacy law was in effect. Today, 22 states have acted. Grounding federal privacy legislation in the structure already widely adopted across the states is a critical step.”

Critics, however, derided this latest piece of legislation, not just for preempting existing state laws but also for the other aspects contained within. They noted its partisan nature, compared to previous bipartisan bills that have been debated in Congress.

Caitriona Fitzgerald, deputy director at the nonprofit Electronic Privacy Information Center, said the bill is “fundamentally flawed” and too weak, as it “sets a weaker standard than the weakest state law as the national ceiling.”

Fitzgerald said the bill puts the onus on individuals to protect their own privacy rather than set any limitations on the companies that collect that data, and strips away key protections that exist in state law, including requirements to honor universal opt-out mechanisms to allow consumers to opt out quickly from targeted advertising and the sale of their personal data. And she said it does not require companies to carry out data protection assessments, nor does it include a private right of action that would help enforce it.

“Rather than advancing consumer rights, its passage would cement weak rules into law, deter stronger future laws, and leave Americans more vulnerable than ever,” Fitzgerald said in written testimony. “Passage of the SECURE Data Act would put many Americans in a worse position than they are in now, making the enactment of this bill worse than no federal privacy law at all.”

Some lawmakers were similarly perturbed. Rep. Frank Pallone, a New Jersey Democrat who is the full committee’s ranking member, said in his opening statement that preempting existing state laws would “eliminate hard won privacy protections that millions of Americans currently enjoy,” and “invalidate any state law that relates to the bill.” And it would mean states would be “forever barred” from addressing future harms.

“[This] bill locks in the failed notice and consent status quo, then compounds loophole upon loophole to water down its provisions,” Pallone said. “And then, to make matters worse, it adds expansive preemption that will leave many Americans with fewer privacy protections than they have today. Rather than taking the strongest consumer protections from the existing state privacy laws, this bill is assembled from industry-friendly state privacy laws that have been pushed by Big Tech. It is, therefore, no surprise that this bill allows Big Tech and others to continue their ongoing privacy violations.”

NEXT STORY: How agencies can balance AI’s potential and risks for cyber attacks

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.